package/libesmtp: security bump to version 1.1.0
After more than a decade, libESMTP version 1.0.6 is superceded. Despite proving robust a little bitrot has occurred, especially regarding OpenSSL support. The original application data APIs are prone to memory leaks and are deprecated in favour of safer replacements. Version 1.1 updates libESMTP without breaking API and ABI compatibility and provides a basis for future development. In addition to updates to the codebase, documentation is modernised and is more comprehensive. All libESMTP users are encouraged to upgrade from version 1.0.6. - Update license files - Update indentation in hash file (two spaces) - Switch to meson-package - Handle threads and tls meson options - libesmtp-config has been dropped: https://github.com/libesmtp/libESMTP/issues/8 - Fix CVE-2019-19977: libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. https://github.com/libesmtp/libESMTP/releases/tag/v1.1.0 https://libesmtp.github.io/changes-since-v1.0.6.html Signed-off-by:Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Loading
Please register or sign in to comment