Marcus Rückert 2018-03-07 12:01:48 +00:00 committed by Git OBS Bridge
parent 611d2263be
commit 655f47397d

@ -21,15 +21,16 @@ Tue Mar 6 13:48:50 UTC 2018 - mrueckert@suse.de
memory usage, causing imap-login/pop3-login VSZ limit to be
reached and the process restarted. This happens only if Dovecot
config has local_name { } or local { } configuration blocks and
attacker uses randomly generated SNI servernames.
attacker uses randomly generated SNI servernames. (boo#1082828)
* CVE-2017-14461: Parsing invalid email addresses may cause a
crash or leak memory contents to attacker. For example, these
memory contents might contain parts of an email from another
user if the same imap process is reused for multiple users.
First discovered by Aleksandar Nikolic of Cisco Talos.
Independently also discovered by "flxflndy" via HackerOne.
(boo#1082826)
* CVE-2017-15132: Aborted SASL authentication leaks memory in
login process.
login process. (boo#1075608)
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team.
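
Review bot: The PR_SET_DUMPABLE entry at the end of this hunk is the only security-relevant item left without a bug reference, even though it describes a chroot/group restriction bypass. If a Bugzilla entry tracks that change, add its boo# here so all four items can be traced the same way. As a smaller style point, the reference for CVE-2017-14461 sits on its own line after the credit lines, while the SNI entry and CVE-2017-15132 append it to the final sentence; pick one placement for all three.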