a1a1f484a9
Security fix: passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (CVE-2017-2669) Full ChangeLog 2.2.29 (including CVE fix): https://www.dovecot.org/list/dovecot-news/2017-April/000341.html Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release): https://www.dovecot.org/list/dovecot-news/2017-April/000344.html Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| dovecot.hash | ||
| dovecot.mk | ||