CVE-2020-7046
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
CVE-2020-7957
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body blocks
- The first block(s) don't contain the full snippet (e.g. full of whitespace)
- input ends with '>'
Sending specially crafted email can cause mailbox to have permanently
unaccessible mail, or the mail can be stuck in delivery.
cdf51fadc5