From 655f47397da8dbd7c711f3c8691ded80e137d55e082b38b5ba89560865100525 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Wed, 7 Mar 2018 12:01:48 +0000 Subject: [PATCH] add bugnumbers OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=10 --- dovecot23.changes | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dovecot23.changes b/dovecot23.changes index b67d437..4020e48 100644 --- a/dovecot23.changes +++ b/dovecot23.changes @@ -21,15 +21,16 @@ Tue Mar 6 13:48:50 UTC 2018 - mrueckert@suse.de memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and - attacker uses randomly generated SNI servernames. + attacker uses randomly generated SNI servernames. (boo#1082828) * CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker. For example, these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users. First discovered by Aleksandar Nikolic of Cisco Talos. Independently also discovered by "flxflndy" via HackerOne. + (boo#1082826) * CVE-2017-15132: Aborted SASL authentication leaks memory in - login process. + login process. (boo#1075608) * Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions. Found by cPanel Security Team.
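Review bot: The last entry in the hunk ("Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE") gets no boo# reference, although it describes a security-relevant change (possible bypass of chroot/group restrictions) and the three entries above it each gain one. If a Bugzilla entry tracks that change, append it in the same form, with a placeholder such as "(boo#NNNNNNN)" replaced by the real number; if none exists, the entry can stay as it is. A smaller style point: the reference for CVE-2017-14461 sits on its own added line, while the other two are appended to the end of the existing sentence, so pick one placement for all three. The entry that receives (boo#1082828) starts above the visible context, so its CVE id, and with it the bug-to-CVE mapping, cannot be checked from these lines.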