- update to 2.3.4.1 (boo#1123022)
  * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing.
  * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=38
parent d6d0b37521
commit 850a9b2907
3
dovecot-2.3.4.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07
|
||||||
|
size 6925073
|
17
dovecot-2.3.4.1.tar.gz.sig
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlxZb8EXHGRvdmVjb3Qt
|
||||||
|
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGwOBAAm9ck9yken0ArzR0njXywornz
|
||||||
|
ftUrEflzkEESqVxFVGF7i4ZPxa1Dfrpb5QedIBcdFp1sV1sALSh5HH5k43TV+yBY
|
||||||
|
r7trHu8kJSOmFE4KoHst9Y6bewu3Rg5Bh2v5XBaaY6A9ADjdJNamT4AAqDDI2f6Q
|
||||||
|
f27P/O+34bvgCI7Ol1VezFXlNagBtcSBAtPTqfqdILqW/H0oV1J21gmBGTT6u6Z8
|
||||||
|
aPyf060U46GZWjHBQDoZRq0NUSIYf8H7qdubEbt0kCifWFuT1LjmvLRbQv3Wxp5m
|
||||||
|
H0QjzWejVun9AX6MG5mZCzmIn+q30ArUG9EJ4tAAzvsCUqywvpbjjuU2wULGJJNz
|
||||||
|
oEAEVIXp84yxXUavnr+DFevh2yruVHZUj16lwF98u29IWiSwFfhZZsyc+jXuwiDm
|
||||||
|
WYl/KfOL3ACBakcPxdMyVTwghKBAA9xH0DXAsPTyIrxwmNgn48d/wiQtmtsYVAYb
|
||||||
|
HlYtooee4KptiXL9Eq/kAz7oAPrVdhZxqT48CRh6Cd6dfWtGXNQIMdXVt/7T2ygJ
|
||||||
|
sC/wpziKEy+BE1J/NSuCOgGNcIQij0VJvl9rnldpxACzNQ0CGaJfKv7/LPF2bO5o
|
||||||
|
LED+rFOFfK3IOGxZgr5euQPIVVn7DxAZaIoEumwYW3YO46BJlSB+9XN20YVqH4vY
|
||||||
|
jyPHxVeZN6q7RvlP498=
|
||||||
|
=HaCn
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:d91b76eff8df6185c1799f1b279f780105bdeeea27e3286b42f4cab18efbef05
|
|
||||||
size 6924178
|
|
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlv3480XHGRvdmVjb3Qt
|
|
||||||
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaF1mg//SA1Wstc+qX+LT+EzE1wqQuQR
|
|
||||||
3aZPQI0e0T9DNggsDVifXtFUfbFBUhKX5r/dJxletbkZG5ymqHxdNMA43dLhiuAl
|
|
||||||
wx0lXqEqanzyH+yDBC+dCXpfjw3ldu359edlFpwiGc1B+UfsxLBON6Kseh3W3/us
|
|
||||||
0bkcDaFYmuhtPmKj3LdRWrURC5GJcDHaL639SfqL5A2J57Ah1OIh0YxWntImoYU7
|
|
||||||
0eT6sGD5x/9HIkWtkZoGkn+Gm0hRXVPkeOQ2SmizqWiU4nxr9FCZdvb8rhCGeEVt
|
|
||||||
0WZJANbpsKdKSXpxP7bdV+ivpUD6CorTT4apBhZSf049ZiuIueaxrWU1zaem2t1P
|
|
||||||
cP1MGq+liZz0ZH+GPJtnAx45Gzx1SG1rBdQmBUOLnu1/v5S+NMsG+Wc0cdXMmxAF
|
|
||||||
e7yCeRxeAvzbaKmvkVAESlonvCoh8bLdzE0XqibCRcWgGTCs1iVs3yQBSrDxii5x
|
|
||||||
6KYiLe+r1YHH6cbMKC+ddPpuY1ybIXNo5kdLmCnUt2qOJQt2NDDH3FVHLeQFluTM
|
|
||||||
q7ORNhmwNHlIeR01jBDvwrr1FIKPxYNTcigGQrVFQh3eLToYayXcnuFG3PgZwoI0
|
|
||||||
zmTex70vEVrr1Ru8K9NTbsQKLu13CjGGVhenBQDj4C06P/fPLnXDYBkdVIkflQYA
|
|
||||||
XFEAHqhpTKi0b5n0mQQ=
|
|
||||||
=JHB0
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 5 13:45:52 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
||||||
|
|
||||||
|
- update to 2.3.4.1 (boo#1123022)
|
||||||
|
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
|
||||||
|
trusted certificate with missing username field
|
||||||
|
(ssl_cert_username_field), under some configurations Dovecot
|
||||||
|
mistakenly trusts the username provided via authentication
|
||||||
|
instead of failing.
|
||||||
|
* ssl_cert_username_field setting was ignored with external
|
||||||
|
SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
|
||||||
|
send the cert_username field. This may have allowed users with
|
||||||
|
trusted certificate to specify any username in the
|
||||||
|
authentication. This bug didn't affect Dovecot's Submission
|
||||||
|
service.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 17 21:57:42 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
|
Thu Jan 17 21:57:42 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
|
||||||
|
|
||||||
|
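Review bot: The second bullet of the new 2.3.4.1 entry (ssl_cert_username_field ignored with external SMTP AUTH) carries no CVE or bug reference of its own, so a reader cannot tell whether it is covered by CVE-2019-3814 and boo#1123022 or is a separate fix; state that in the bullet. The first bullet's "under some configurations" would also serve admins better with a pointer to the upstream advisory that names the affected settings.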
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package dovecot23
|
# spec file for package dovecot23
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,10 +17,10 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: dovecot23
|
Name: dovecot23
|
||||||
Version: 2.3.4
|
Version: 2.3.4.1
|
||||||
Release: 0
|
Release: 0
|
||||||
%define pkg_name dovecot
|
%define pkg_name dovecot
|
||||||
%define dovecot_version 2.3.4
|
%define dovecot_version 2.3.4.1
|
||||||
%define dovecot_pigeonhole_version 0.5.4
|
%define dovecot_pigeonhole_version 0.5.4
|
||||||
%define dovecot_branch 2.3
|
%define dovecot_branch 2.3
|
||||||
%define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
|
%define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
|
||||||
|
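Review bot: The version is bumped by hand in two places in this hunk, `Version: 2.3.4.1` and `%define dovecot_version 2.3.4.1`, and both have to be kept in sync on every update; consider moving the `%define dovecot_version` line above the tag and writing `Version: %{dovecot_version}`. `dovecot_pigeonhole_version` stays at 0.5.4, so it is worth confirming in the build that this Pigeonhole release still builds against 2.3.4.1.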