Date: Thu, 25 Jan 2018 11:23:11 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 225446] mail/dovecot: Fix memory leak in auth_client_request_abort() (CVE-2017-15132) Message-ID: <bug-225446-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225446 Bug ID: 225446 Summary: mail/dovecot: Fix memory leak in auth_client_request_abort() (CVE-2017-15132) Product: Ports & Packages Version: Latest Hardware: Any URL: http://seclists.org/oss-sec/2018/q1/100 OS: Any Status: New Keywords: patch, security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: adamw@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com CC: adamw@FreeBSD.org, ports-secteam@FreeBSD.org Attachment #190049 maintainer-approval?(adamw@FreeBSD.org) Flags: CC: adamw@FreeBSD.org Assignee: adamw@FreeBSD.org Flags: maintainer-feedback?(adamw@FreeBSD.org), merge-quarterly? Created attachment 190049 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D190049&action= =3Dedit Fix memory leak in auth_client_request_abort() A memory leak was found and fixed in dovecot, occurring when SASL authentication is aborted. I've ported the patch. It builds with poudriere 11.1 amd64. Have NOT yet te= sted functionally. * Upstream fix: =20 https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8= b060 * CVE reference: http://seclists.org/oss-sec/2018/q1/100 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225446-13>