[Buildroot] [PATCH] dovecot: add upstream security fix for CVE-2017-15132
Peter Korsgaard
peter at korsgaard.com
Wed Jan 31 12:34:53 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL
> authentication results in a memory leak in dovecot's auth client used by
> login processes. The leak has impact in high performance configuration
> where same login processes are reused and can cause the process to crash due
> to memory exhaustion.
> For more details, see:
> http://www.openwall.com/lists/oss-security/2018/01/25/4
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x and 2017.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list