NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28c28ba303
kumquat-buildroot/package/dovecot
History
Bernd Kuhls 6db0ea91ef package/dovecot: security bump version to 2.3.11.3 
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html

Fixes the following CVEs:

* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:44:18 +02:00
..
Config.in
dovecot.hash package/dovecot: security bump version to 2.3.11.3 2020-08-18 23:44:18 +02:00
dovecot.mk package/dovecot: security bump version to 2.3.11.3 2020-08-18 23:44:18 +02:00