diff --git a/dovecot-2.3.5.1.tar.gz b/dovecot-2.3.5.1.tar.gz deleted file mode 100644 index 98008e0..0000000 --- a/dovecot-2.3.5.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d78f9d479e3b2caa808160f86bfec1c9c7b46344d8b14b88f5fa9bbbf8c7c33f -size 6953150 diff --git a/dovecot-2.3.5.1.tar.gz.sig b/dovecot-2.3.5.1.tar.gz.sig deleted file mode 100644 index fdf1864..0000000 --- a/dovecot-2.3.5.1.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlyYoFMXHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHamhAAkKY08CH7HxUio95L4d2IUS7t -W7XsCahhsAmhGWyCVTheT2o/3AVPuKW++6nomKwuFmPJFrFdFVmVAhX9tjyNcgHJ -YGH1IKy0DrV0RKAkYSvJcooyWXaqejTEQ7E/Ad94ldhGF1twa8xX+8Hr/1QY9cnB -1YuqczirsaU+fI9wBc4Dogt3RfA/r36/jGQKNlQYxf9/KTSV1QXtqKQRQWaBsDni -W4+ovuXlVNB3B5/aKUylsxHHUWYX5Ls4kk6+qpdKqTw9/WImuWPy7x5byRR3ycIP -EI31S1LjipM/oe/o0VKHserJCAf8Wkvj8f1t6ZzYFY7LQwj0Lge0FQ8jVctBhv+P -mFtX3L/tv7GN7k+nsH27jCFPfTlyGD9kN2UivUIXsiDkgRJI3ifcDvIuF1VnEybD -+IQksd3eMCHfV9NnFcIy4X7FiHxTz1S2FTFlb8nbr1CirehV4WJt5x27FDZjVHXP -mAvRY/iNkzRWEHbrTrgb9I9OUA5mXE2v3lox7WIPJwh+Nc8USS8/O0jFXPE7am5x -SspQ+2ZAOhLja2fp7wLZR2vxMXyjXAFT0teGoTq67fTPX8OKDgbNjFCKR4ROJKU8 -d33KfXt8N4MPi6F9LZTm352248+jFUI4tXV7eJp6Aw9k8jje9OJzBfPYIdBgd2rD -EBi+rfFY/GcORlMO6Wc= -=RY2x ------END PGP SIGNATURE----- diff --git a/dovecot-2.3.5.2.tar.gz b/dovecot-2.3.5.2.tar.gz new file mode 100644 index 0000000..7493634 --- /dev/null +++ b/dovecot-2.3.5.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ba14e41aefd81a868a35b83bcb54194116106424d37690519b50ea83c0f31bf2 +size 6953228 diff --git a/dovecot-2.3.5.2.tar.gz.sig b/dovecot-2.3.5.2.tar.gz.sig new file mode 100644 index 0000000..d7f15dd --- /dev/null +++ b/dovecot-2.3.5.2.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAly4Op0XHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGNmBAAmVTk1EHLtY++LjMAwax5mDQ1 +rwnoGWcCTCVrM7s7FAehvQ+FXnDTtHEWcWzxvjngm58jFBr+H/1NfAYR8srLfHc7 +ucj4Xt9Fyl++pGyUXKS+RTZP+rcI6nt/AmPBqG/WaaMGKI04jFzNw2MMIJ2afOI6 +MJbDOCZm6PDQiCAw7xJ2RaD021irAvZu1Xa1mVq2eZb5vrU8heVfOwZhyVU6H8bD +xaYbhvMNB7CHl3xMQDFNKLlArxEiAQgm4akVvC1NzCkkR87RwZfjjQZfdVd2xlx2 +x2Jm33WrGPumXlpWNqPCrwKgynLJ0qgZZ78c9pwsIGW8Nq+LxK6z1hDdCbUjjTGj +AOYqxXuD9yJfKYFAL9y1YSY/BEVGrBK30RQdQxXb/xqQ6bxIysxPjSg7lWetclQO +XzyJlKV2qP8zjAjZisY4T4WGJm9zLX1JK6cojenjZBapRuGF9ro+QulZZtRCtljf +7jrOQLir8LjhA0KCH8mlPps33qyzVpOKmLtZ2w9MGIQowHQUAQA3G2EBp7h2pNm2 +dFW/I+F6sU2CFBm9lvuLV4BWt2y9VZsaz7uk0NdUscPJ4i0XBQnoa7CEOzj1SXnR +R58tqxtXoelX/XmUsd6JWeW1jDaS/dGaxe30zSMKwZR3zKP7T+pJmKhHwRxwo1G8 +Z3qiNsmMUycFz06VMho= +=t6Fw +-----END PGP SIGNATURE----- diff --git a/dovecot23.changes b/dovecot23.changes index 99bf0f3..c46da06 100644 --- a/dovecot23.changes +++ b/dovecot23.changes @@ -1,7 +1,18 @@ +------------------------------------------------------------------- +Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert + +- update to 2.3.5.2 (boo#1132501) + * CVE-2019-10691: Trying to login with 8bit username containing + invalid UTF8 input causes auth process to crash if auth policy + is enabled. This could be used rather easily to cause a DoS. + Similar crash also happens during mail delivery when using + invalid UTF8 in From or Subject header when OX push + notification driver is used. + ------------------------------------------------------------------- Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert -- update to 2.3.5.1 +- update to 2.3.5.1 (boo#1130116) * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write diff --git a/dovecot23.spec b/dovecot23.spec index f906d90..1d392d0 100644 --- a/dovecot23.spec +++ b/dovecot23.spec @@ -17,10 +17,10 @@ Name: dovecot23 -Version: 2.3.5.1 +Version: 2.3.5.2 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.5.1 +%define dovecot_version 2.3.5.2 %define dovecot_pigeonhole_version 0.5.5 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}