Summary: | mail/dovecot: Fix memory leak in auth_client_request_abort() (CVE-2017-15132) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | VK <vlad-fbsd> | ||||
Component: | Individual Port(s) | Assignee: | Niclas Zeising <zeising> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | adamw, ports-secteam, zeising | ||||
Priority: | --- | Keywords: | patch, security | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(adamw) vlad-fbsd: merge-quarterly? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | http://seclists.org/oss-sec/2018/q1/100 | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225585 | ||||||
Attachments: |
|
Description
VK
2018-01-25 11:23:11 UTC
Running a few hours now on a low traffic server (50-100 logins per minute, few hundred concurrent connections at all times), no observed problem, no fallout. A commit references this bug: Author: zeising Date: Mon Jan 29 20:59:18 UTC 2018 New revision: 460336 URL: https://svnweb.freebsd.org/changeset/ports/460336 Log: Add patch and fix CVE-2017-15132 Add upstream patch to fix CVE-2017-15132, memory leak in the log in process that can cause memory exhaustion. PR: 225446 Submitted by: Vladimir Krstulja Approved by: adamw (maintainer), swills (ports-secteam) MFH: 2018Q1 Security: 92b8b284-a3a2-41b1-956c-f9cf8b74f500 Changes: head/mail/dovecot/Makefile head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c A commit references this bug: Author: zeising Date: Mon Jan 29 21:04:38 UTC 2018 New revision: 460337 URL: https://svnweb.freebsd.org/changeset/ports/460337 Log: MFH: r460336 Add patch and fix CVE-2017-15132 Add upstream patch to fix CVE-2017-15132, memory leak in the log in process that can cause memory exhaustion. PR: 225446 Submitted by: Vladimir Krstulja Approved by: adamw (maintainer), swills (ports-secteam) Security: 92b8b284-a3a2-41b1-956c-f9cf8b74f500 Approved by: ports-secteam (implicit) Changes: _U branches/2018Q1/ branches/2018Q1/mail/dovecot/Makefile branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c Fixed, thanks for your submission! Assign PR to me since I did the commit (approved by adamw on IRC). |