K 10
svn:author
V 6
fluffy
K 8
svn:date
V 27
2020-01-31T09:37:27.412336Z
K 7
svn:log
V 883
MFH: r524529

mail/opensmtpd: update to 6.6.2p1 relase

This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)

https://www.openwall.com/lists/oss-security/2020/01/28/3

This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
smtpd to new grammar") and allows an attacker to execute arbitrary shell
commands, as root:

- either locally, in OpenSMTPD's default configuration (which listens on
  the loopback interface and only accepts mail from localhost);

- or locally and remotely, in OpenSMTPD's "uncommented" default
  configuration (which listens on all interfaces and accepts external
  mail).

PR: 243686
Reported by: authors via irc
Relnotes: https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html
Security: CVE-2020-7247
Security: 08f5c27d-4326-11ea-af8b-00155d0a0200

Approved by: ports-secteam (blanket, security issue)
END