[prev in list] [next in list] [prev in thread] [next in thread]
List: buildroot
Subject: Re: [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1
From: Peter Korsgaard <peter () korsgaard ! com>
Date: 2020-05-31 21:13:54
Message-ID: 87eeqzkdt9.fsf () dell ! be ! 48ers ! dk
[Download RAW message or body]
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
> sending of malformed parameters to a NOOP command causes a NULL
> Pointer Dereference and crash in submission-login, submission, or
> lmtp.
> - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
> message triggers an unauthenticated use-after-free bug in
> submission-login, submission, or lmtp, and can lead to a crash under
> circumstances involving many newlines after a command.
> - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
> unauthenticated attackers can crash the lmtp or submission process by
> sending mail with an empty localpart.
> - Drop first patch (already in version) and so autoreconf
> - Update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic