dovecot23/dovecot-2.3-pigeonhole-0.5.11.tar.gz.sig
Marcus Rueckert e5278c2201 Accepting request 826219 from home:adkorte
- update to 2.3.11.3 and pigeonhole to 0.5.11
  Dovecot 2.3.11.3
  - pop3-login: Login didn't handle commands in multiple IP packets properly.
    This mainly affected large XCLIENT commands or a large SASL initial
    response parameter in the AUTH command.
  - pop3: pop3_deleted_flag setting was broken, causing:
    Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
    assertion failed: (range[count-1].seq2 <= max_seq)
  Dovecot 2.3.11.2
  - auth: Lua passdb/userdb leaks stack elements per call, eventually
    causing the stack to become too deep and crashing the auth or
    auth-worker process.
  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
    Dovecot MIME parser.
  - pop3-login: Login would fail with "Input buffer full" if the initial
    response for SASL was too long.
  Dovecot 2.3.11
  * CVE-2020-12100: Parsing mails with a large number of MIME parts could
    have resulted in excessive CPU usage or a crash due to running out of
    stack memory.
  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
    message buffer size, which leads to reading past allocation which can
    lead to crash.
  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the lmtp
    service to crash.
  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
    zero-length message, which leads to assert-crash later on.
  * Events: Fix inconsistency in events. See event documentation in
    https://doc.dovecot.org.

OBS-URL: https://build.opensuse.org/request/show/826219
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=76
2020-08-13 12:18:47 +00:00
