diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-01-26 15:48:02 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-01-26 15:48:02 +0000 |
commit | 38b7258d086dd5e263c3bbe3880c8c956676bc71 (patch) | |
tree | 6fce284d5bfddaf597a490ac66069d16c6a485db /net-mail/dovecot/files | |
parent | 0ebf740b9c9bc7c10ac41bea315ecc6c01c79166 (diff) |
gentoo resync : 25.01.2018
Diffstat (limited to 'net-mail/dovecot/files')
-rw-r--r-- | net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch new file mode 100644 index 000000000000..3f87e71b559a --- /dev/null +++ b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch @@ -0,0 +1,14 @@ +CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. + +https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 + +--- a/src/lib-auth/auth-client-request.c ++++ b/src/lib-auth/auth-client-request.c +@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request) + + auth_client_send_cancel(request->conn->client, request->id); + call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); ++ pool_unref(&request->pool); + } + + unsigned int auth_client_request_get_id(struct auth_client_request *request) |