- update to 2.3.5.1
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write
access to the index files.
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=41
This commit is contained in:
Git OBS Bridge
parent
be50c964a0
commit
5865d4af03
3
dovecot-2.3.5.1.tar.gz
Normal file
3
dovecot-2.3.5.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d78f9d479e3b2caa808160f86bfec1c9c7b46344d8b14b88f5fa9bbbf8c7c33f
|
||||
size 6953150
|
||||
17
dovecot-2.3.5.1.tar.gz.sig
Normal file
17
dovecot-2.3.5.1.tar.gz.sig
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlyYoFMXHGRvdmVjb3Qt
|
||||
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHamhAAkKY08CH7HxUio95L4d2IUS7t
|
||||
W7XsCahhsAmhGWyCVTheT2o/3AVPuKW++6nomKwuFmPJFrFdFVmVAhX9tjyNcgHJ
|
||||
YGH1IKy0DrV0RKAkYSvJcooyWXaqejTEQ7E/Ad94ldhGF1twa8xX+8Hr/1QY9cnB
|
||||
1YuqczirsaU+fI9wBc4Dogt3RfA/r36/jGQKNlQYxf9/KTSV1QXtqKQRQWaBsDni
|
||||
W4+ovuXlVNB3B5/aKUylsxHHUWYX5Ls4kk6+qpdKqTw9/WImuWPy7x5byRR3ycIP
|
||||
EI31S1LjipM/oe/o0VKHserJCAf8Wkvj8f1t6ZzYFY7LQwj0Lge0FQ8jVctBhv+P
|
||||
mFtX3L/tv7GN7k+nsH27jCFPfTlyGD9kN2UivUIXsiDkgRJI3ifcDvIuF1VnEybD
|
||||
+IQksd3eMCHfV9NnFcIy4X7FiHxTz1S2FTFlb8nbr1CirehV4WJt5x27FDZjVHXP
|
||||
mAvRY/iNkzRWEHbrTrgb9I9OUA5mXE2v3lox7WIPJwh+Nc8USS8/O0jFXPE7am5x
|
||||
SspQ+2ZAOhLja2fp7wLZR2vxMXyjXAFT0teGoTq67fTPX8OKDgbNjFCKR4ROJKU8
|
||||
d33KfXt8N4MPi6F9LZTm352248+jFUI4tXV7eJp6Aw9k8jje9OJzBfPYIdBgd2rD
|
||||
EBi+rfFY/GcORlMO6Wc=
|
||||
=RY2x
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bfe112ec6d11f7d6c6f7f0440e3b6e2c840c15cec1e99466b5495765d54aaaff
|
||||
size 6970480
|
||||
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlx+afoXHGRvdmVjb3Qt
|
||||
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGmvQ/8D5tOni6a8HJaGF1KlQ1ubMhJ
|
||||
CkFWGSNJ5x0UCycCsqgEOMmDPL7Euf9LLwmKgb8FHTWc96TexyiM+n+VXuzaH2yN
|
||||
J6UXLrUqtOybKt1kTOmy8L14tcZG9eBq8V3ycogyuXe2qnucVJjr8D1MS3UX4xsV
|
||||
ly1Zqcwky8RrUVTcTlbEwjoYUJY75NNeoTEKG/Eq3xwiDSTzh2/JQuhO/wP89ZDW
|
||||
8H681rHEGQImzYUVlMMYqeUvgqATVn/pwpDp1ov4/K52vQTfY3vX6xYnE+lQ5cg0
|
||||
LzXokkBS54CsVCg7XwqfMpTjEOfpOLSbwCE+Ujak/xIvzz1Fg7sn1XL9oIYaZg5R
|
||||
2IU9lmWkzscPiBfz57knOyB/jiNJjSHYEFlgrVjskqId5xfLdkFN/VNeI7LDWNC/
|
||||
sKHgRy92EwOVi9gQM8FRTmnsDyfpeSZ5DW8FaNr4iRg8RYfqjwSs1xTH6mzD1hcX
|
||||
RodblVxxEWB4uFj/0lY0J60Mad63l+xrsv4NEpnxFRQknoINyWNWM5JHRJjoW2rS
|
||||
XGUh8XZWsCiNVg5dQj+1uNLVarLUHBfCzb6+RWevY09hIJqkMafHDYHwwbFDdvZh
|
||||
dz3jHdtOksDoObUWKZ/1XJgm/Zg4vw4b2ZfrezCyruo45l/6T2vuaCHsYfF0/hDz
|
||||
Ec1Rox1X6gjvbp4IjqA=
|
||||
=sFpO
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
||||
|
||||
- update to 2.3.5.1
|
||||
* CVE-2019-7524: Missing input buffer size validation leads into
|
||||
arbitrary buffer overflow when reading fts or pop3 uidl header
|
||||
from Dovecot index. Exploiting this requires direct write
|
||||
access to the index files.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 8 18:09:00 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
||||
|
||||
|
||||
@ -17,10 +17,10 @@
|
||||
|
||||
|
||||
Name: dovecot23
|
||||
Version: 2.3.5
|
||||
Version: 2.3.5.1
|
||||
Release: 0
|
||||
%define pkg_name dovecot
|
||||
%define dovecot_version 2.3.5
|
||||
%define dovecot_version 2.3.5.1
|
||||
%define dovecot_pigeonhole_version 0.5.5
|
||||
%define dovecot_branch 2.3
|
||||
%define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user