Postsrsd · Postsrsd · CVE-2021-35525
**Name of the Vulnerable Software and Affected Versions**
PostSRSd versions prior to 1.11
**Description**
The PostSRSd daemon incorrectly handles certain long data fields sent by Postfix, such as multiple concatenated email addresses. When Postfix sends such a field, the result can be a denial of service (subprocess hang). The maintainer of PostSRSd acknowledges this as a security bug, although they question whether an external attacker can reliably trigger the condition.
**Recommendations**
For PostSRSd versions prior to 1.11, update to version 1.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of long data fields in Postfix to minimize the risk of exploitation.