[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.5.10.html]
The following fixes address null pointer bugs and a memory leak that have no potential for information loss or leaks, privilege escalation, or denial of service.
Fixed in Postfix 3.4 and 3.5:
Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
Fixed in all supported Postfix releases:
Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.