pool/dovecot23
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 695556 from server:mail

Browse Source 
- update to 2.3.5.2 (boo#1132501)
  * CVE-2019-10691: Trying to login with 8bit username containing
    invalid UTF8 input causes auth process to crash if auth policy
    is enabled. This could be used rather easily to cause a DoS.
    Similar crash also happens during mail delivery when using
    invalid UTF8 in From or Subject header when OX push
    notification driver is used.

- update to 2.3.5.1 (boo#1130116)

OBS-URL: https://build.opensuse.org/request/show/695556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=17
This commit is contained in:
Dominique Leuenberger 2019-04-19 16:38:42 +00:00 committed by Git OBS Bridge
commit 8d2188ca9a
6 changed files with 34 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dovecot-2.3.5.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d78f9d479e3b2caa808160f86bfec1c9c7b46344d8b14b88f5fa9bbbf8c7c33f
size 6953150

17
dovecot-2.3.5.1.tar.gz.sig
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlyYoFMXHGRvdmVjb3Qt
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHamhAAkKY08CH7HxUio95L4d2IUS7t
W7XsCahhsAmhGWyCVTheT2o/3AVPuKW++6nomKwuFmPJFrFdFVmVAhX9tjyNcgHJ
YGH1IKy0DrV0RKAkYSvJcooyWXaqejTEQ7E/Ad94ldhGF1twa8xX+8Hr/1QY9cnB
1YuqczirsaU+fI9wBc4Dogt3RfA/r36/jGQKNlQYxf9/KTSV1QXtqKQRQWaBsDni
W4+ovuXlVNB3B5/aKUylsxHHUWYX5Ls4kk6+qpdKqTw9/WImuWPy7x5byRR3ycIP
EI31S1LjipM/oe/o0VKHserJCAf8Wkvj8f1t6ZzYFY7LQwj0Lge0FQ8jVctBhv+P
mFtX3L/tv7GN7k+nsH27jCFPfTlyGD9kN2UivUIXsiDkgRJI3ifcDvIuF1VnEybD
+IQksd3eMCHfV9NnFcIy4X7FiHxTz1S2FTFlb8nbr1CirehV4WJt5x27FDZjVHXP
mAvRY/iNkzRWEHbrTrgb9I9OUA5mXE2v3lox7WIPJwh+Nc8USS8/O0jFXPE7am5x
SspQ+2ZAOhLja2fp7wLZR2vxMXyjXAFT0teGoTq67fTPX8OKDgbNjFCKR4ROJKU8
d33KfXt8N4MPi6F9LZTm352248+jFUI4tXV7eJp6Aw9k8jje9OJzBfPYIdBgd2rD
EBi+rfFY/GcORlMO6Wc=
=RY2x
-----END PGP SIGNATURE-----

3
dovecot-2.3.5.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ba14e41aefd81a868a35b83bcb54194116106424d37690519b50ea83c0f31bf2
size 6953228

17
dovecot-2.3.5.2.tar.gz.sig Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAly4Op0XHGRvdmVjb3Qt
Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGNmBAAmVTk1EHLtY++LjMAwax5mDQ1
rwnoGWcCTCVrM7s7FAehvQ+FXnDTtHEWcWzxvjngm58jFBr+H/1NfAYR8srLfHc7
ucj4Xt9Fyl++pGyUXKS+RTZP+rcI6nt/AmPBqG/WaaMGKI04jFzNw2MMIJ2afOI6
MJbDOCZm6PDQiCAw7xJ2RaD021irAvZu1Xa1mVq2eZb5vrU8heVfOwZhyVU6H8bD
xaYbhvMNB7CHl3xMQDFNKLlArxEiAQgm4akVvC1NzCkkR87RwZfjjQZfdVd2xlx2
x2Jm33WrGPumXlpWNqPCrwKgynLJ0qgZZ78c9pwsIGW8Nq+LxK6z1hDdCbUjjTGj
AOYqxXuD9yJfKYFAL9y1YSY/BEVGrBK30RQdQxXb/xqQ6bxIysxPjSg7lWetclQO
XzyJlKV2qP8zjAjZisY4T4WGJm9zLX1JK6cojenjZBapRuGF9ro+QulZZtRCtljf
7jrOQLir8LjhA0KCH8mlPps33qyzVpOKmLtZ2w9MGIQowHQUAQA3G2EBp7h2pNm2
dFW/I+F6sU2CFBm9lvuLV4BWt2y9VZsaz7uk0NdUscPJ4i0XBQnoa7CEOzj1SXnR
R58tqxtXoelX/XmUsd6JWeW1jDaS/dGaxe30zSMKwZR3zKP7T+pJmKhHwRxwo1G8
Z3qiNsmMUycFz06VMho=
=t6Fw
-----END PGP SIGNATURE-----

13
dovecot23.changes
View File

@ -1,7 +1,18 @@
-------------------------------------------------------------------
Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.3.5.2 (boo#1132501)
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy
is enabled. This could be used rather easily to cause a DoS.
Similar crash also happens during mail delivery when using
invalid UTF8 in From or Subject header when OX push
notification driver is used.
-------------------------------------------------------------------
Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.3.5.1
- update to 2.3.5.1 (boo#1130116)
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write

4
dovecot23.spec
View File

@ -17,10 +17,10 @@
Name: dovecot23
Version: 2.3.5.1
Version: 2.3.5.2
Release: 0
%define pkg_name dovecot
%define dovecot_version 2.3.5.1
%define dovecot_version 2.3.5.2
%define dovecot_pigeonhole_version 0.5.5
%define dovecot_branch 2.3
%define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}