Skip to content

@poolpOrg poolpOrg released this Feb 24, 2020 · 219 commits to portable since this release

SECURITY RELEASE

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

Assets 4
You can’t perform that action at this time.