branches: 1.1.1.4.4; 1.1.1.4.10;
Import Postfix 2.8.3:
Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.

This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.

Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.

More details will be available at http://www.postfix.org/CVE-2011-1720.html.