pool/dovecot23
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dovecot23/dovecot-2.3.4.1.tar.gz
Marcus Rueckert 850a9b2907 - update to 2.3.4.1 (boo#1123022) 
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
    trusted certificate with missing username field
    (ssl_cert_username_field), under some configurations Dovecot
    mistakenly trusts the username provided via authentication
    instead of failing.
  * ssl_cert_username_field setting was ignored with external
    SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
    send the cert_username field. This may have allowed users with
    trusted certificate to specify any username in the
    authentication. This bug didn't affect Dovecot's Submission
    service.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=38
2019-02-05 14:50:04 +00:00

4 lines
132 B
Plaintext
Raw Blame History

version https://git-lfs.github.com/spec/v1
oid sha256:b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07
size 6925073
Reference in New Issue View Git Blame Copy Permalink