[packages/dovecot] - up to 2.3.11.3
arekm
arekm at pld-linux.org
Thu Aug 13 17:04:07 CEST 2020
commit d5371f6c089ecd739c9ddc502a324dcd423c57ef
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Aug 13 17:00:09 2020 +0200
- up to 2.3.11.3
Fixes:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
dovecot.spec | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/dovecot.spec b/dovecot.spec
index 07e5835..5de61d6 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -12,13 +12,13 @@
Summary: IMAP and POP3 server written with security primarily in mind
Summary(pl.UTF-8): Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie
Name: dovecot
-Version: 2.3.10.1
-Release: 2
+Version: 2.3.11.3
+Release: 1
Epoch: 1
License: MIT (libraries), LGPL v2.1 (the rest)
Group: Networking/Daemons
Source0: http://dovecot.org/releases/2.3/%{name}-%{version}.tar.gz
-# Source0-md5: dfa416e58dd7132264847c59957b519c
+# Source0-md5: f06f2272fad04e7b0207f8d00a291f66
Source1: %{name}.pamd
Source2: %{name}.init
Source3: %{name}.sysconfig
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/dovecot.git/commitdiff/d5371f6c089ecd739c9ddc502a324dcd423c57ef
More information about the pld-cvs-commit
mailing list