@flatcap flatcap released this Jul 16, 2018 · 1234 commits to master since this release

Notes

This is a small, but intensive, bug-fix release.

It fixes some important security holes, so upgrading is strongly recommended.

Some large architectural changes are coming, so the next release may be some months away.

Thanks

Many thanks to our new contributors:

and our regular contributors:

Features

  • <check-stats> function

Bug Fixes

  • Lots

Security

  • CVE-2018-14349 - NO Response Heap Overflow
  • CVE-2018-14350 - INTERNALDATE Stack Overflow
  • CVE-2018-14351 - STATUS Literal Length relative write
  • CVE-2018-14352 - imap_quote_string off-by-one stack overflow
  • CVE-2018-14353 - imap_quote_string int underflow
  • CVE-2018-14354 - imap_subscribe Remote Code Execution
  • CVE-2018-14355 - STATUS mailbox header cache directory traversal
  • CVE-2018-14356 - POP empty UID NULL deref
  • CVE-2018-14357 - LSUB Remote Code Execution
  • CVE-2018-14358 - RFC822.SIZE Stack Overflow
  • CVE-2018-14359 - base64 decode Stack Overflow
  • CVE-2018-14360 - NNTP Group Stack Overflow
  • CVE-2018-14361 - NNTP Write 1 where via GROUP response
  • CVE-2018-14362 - POP Message Cache Directory Traversal
  • CVE-2018-14363 - NNTP Header Cache Directory Traversal
Assets 5