SUSE Package Hub - openSUSE-2021-669

Update Info

openSUSE-2021-669

Security update for postsrsd

Type: security

Severity: moderate

Issued: 2021-05-05

Description:

This update for postsrsd fixes the following issues:

Update to release 1.11 [boo#1180251]

* Drop group privileges as well as user privileges
* Fixed: The subprocess that talks to Postfix could be caused
  to hang with a very long email address. [CVE-2020-35573]

Update to release 1.6

* Fix endianness issue with SHA-1 implementation
* Add dual stack support
* Make SRS separator configurable

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-35573
Bugzilla: 1180251 VUL-0: CVE-2020-35573: postsrsd: DoS via a long timestamp tag in an SRS address

Packages

postsrsd-1.11-bp152.4.3.1