buildroot/package/dovecot
Peter Korsgaard 250535975d package/dovecot: security bump to version 2.3.9.3
Fixes the following security issues:

- CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and
  lmtp processes
  lib-smtp doesn't handle truncated command parameters properly, resulting
  in infinite loop taking 100% CPU for the process.  This happens for LMTP
  (where it doesn't matter so much) and also for submission-login where
  unauthenticated users can trigger it.

- CVE-2020-7957: Specially crafted mail can crash snippet generation
  Snippet generation crashes if:
  - message is large enough that message-parser returns multiple body
    blocks
  - The first block(s) don't contain the full snippet (e.g.  full of
    whitespace)
  - input ends with '>'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-15 11:50:40 +01:00
..
0001-byteorder.h-fix-uclibc-build.patch
0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch package/dovecot: bump version to 2.3.9.2 2020-01-04 16:09:57 +01:00
Config.in
dovecot.hash package/dovecot: security bump to version 2.3.9.3 2020-02-15 11:50:40 +01:00
dovecot.mk package/dovecot: security bump to version 2.3.9.3 2020-02-15 11:50:40 +01:00