Attachment #190049 for bug #225446

View | Details | Raw Unified | Return to bug 225446
Collapse All | Expand All

Lines 13-19 Link Here

(-)mail/dovecot/Makefile (-1 / +1 lines)
13		13
14	PORTNAME= dovecot	14	PORTNAME= dovecot
15	PORTVERSION= 2.2.33.2	15	PORTVERSION= 2.2.33.2
16	PORTREVISION= 2	16	PORTREVISION= 3
17	CATEGORIES= mail ipv6	17	CATEGORIES= mail ipv6
18	MASTER_SITES= https://www.dovecot.org/releases/2.2/	18	MASTER_SITES= https://www.dovecot.org/releases/2.2/
19		19




#

Ref: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
Security: CVE-2017-15132

Fix memory leaks when authentication was aborted.

--- src/lib-auth/auth-client-request.c.orig	2018-01-25 11:02:08 UTC
+++ src/lib-auth/auth-client-request.c
@@ -180,6 +180,7 @@ void auth_client_request_abort(struct au
 
 	auth_client_send_cancel(request->conn->client, request->id);
 	call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+	pool_unref(&request->pool);
 }
 
 unsigned int auth_client_request_get_id(struct auth_client_request *request)

Return to bug 225446

Line 0 Link Here

(-)mail/dovecot/files/patch-CVE-2017-15132.patch (+17 lines)
	1	#
	2
	3	Ref: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
	4	Security: CVE-2017-15132
	5
	6	Fix memory leaks when authentication was aborted.
	7
	8	--- src/lib-auth/auth-client-request.c.orig 2018-01-25 11:02:08 UTC
	9	+++ src/lib-auth/auth-client-request.c
	10	@@ -180,6 +180,7 @@ void auth_client_request_abort(struct au
	11
	12	auth_client_send_cancel(request->conn->client, request->id);
	13	call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
	14	+ pool_unref(&request->pool);
	15	}
	16
	17	unsigned int auth_client_request_get_id(struct auth_client_request *request)