dovecot23/dovecot-2.3.11.3.tar.gz.sig
Marcus Rueckert e5278c2201 Accepting request 826219 from home:adkorte
- update to 2.3.11.3 and pigeonhole to 0.5.11
  Dovecot 2.3.11.3
  - pop3-login: Login didn't handle commands in multiple IP packets properly.
    This mainly affected large XCLIENT commands or a large SASL initial
    response parameter in the AUTH command.
  - pop3: pop3_deleted_flag setting was broken, causing:
    Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
    assertion failed: (range[count-1].seq2 <= max_seq)
  Dovecot 2.3.11.2
  - auth: Lua passdb/userdb leaks stack elements per call, eventually
    causing the stack to become too deep and crashing the auth or
    auth-worker process.
  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
    Dovecot MIME parser.
  - pop3-login: Login would fail with "Input buffer full" if the initial
    response for SASL was too long.
  Dovecot 2.3.11
  * CVE-2020-12100: Parsing mails with a large number of MIME parts could
    have resulted in excessive CPU usage or a crash due to running out of
    stack memory.
  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
    message buffer size, which leads to reading past allocation which can
    lead to crash.
  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the lmtp
    service to crash.
  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
    zero-length message, which leads to assert-crash later on.
  * Events: Fix inconsistency in events. See event documentation in
    https://doc.dovecot.org.

OBS-URL: https://build.opensuse.org/request/show/826219
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=76
2020-08-13 12:18:47 +00:00

