projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6d7df70) | patch
package/dovecot: security bump to version 2.3.10.1
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Fri, 22 May 2020 13:58:08 +0000 (15:58 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 22 May 2020 18:54:49 +0000 (20:54 +0200)
commit03fbb81b8bab7bad135b59267533be7688babe39
tree48bd86447cea4ac8dd2da358b2de9d0a208d0147tree
parent6d7df70016d51c4813c77095705cf8a0e3e1c09ecommit | diff
package/dovecot: security bump to version 2.3.10.1

- Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
  sending of malformed parameters to a NOOP command causes a NULL
  Pointer Dereference and crash in submission-login, submission, or
  lmtp.
- Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
  message triggers an unauthenticated use-after-free bug in
  submission-login, submission, or lmtp, and can lead to a crash under
  circumstances involving many newlines after a command.
- Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
  unauthenticated attackers can crash the lmtp or submission process by
  sending mail with an empty localpart.
- Drop first patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch [deleted file] blob | history
package/dovecot/dovecot.hash diff | blob | history
package/dovecot/dovecot.mk diff | blob | history