Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

HEADS UP: Postfix 2.8.3 imported


I've imported Postfix 2.8.3 into NetBSD-current today. It builds and works
fine under NetBSD/i386. Please submit a bug report if you find any problems.

Here is a list of the changes since version 2.8.2:

Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.

This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.

Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.

        Kind regards

Matthias Scheler                        

Attachment: pgpRqEbmc7ntW.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index