]> git.pld-linux.org Git - packages/dovecot.git/commit
projects / packages / dovecot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b5fe204) | patch
- up to 2.3.11.3 auto/th/dovecot-2.3.11.3-1
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Thu, 13 Aug 2020 15:00:09 +0000 (17:00 +0200)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Thu, 13 Aug 2020 15:00:09 +0000 (17:00 +0200)
commitd5371f6c089ecd739c9ddc502a324dcd423c57ef
tree283121e575438d7d3fe37dc5a61267c260ac36fdtree | snapshot
parentb5fe20444dc51da5a7aba2761e0b867026ada358commit | diff
- up to 2.3.11.3

Fixes:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
dovecot.spec diff | blob | blame | history
IMAP and POP3 server written with security primarily in mind
This page took 0.05412 seconds and 4 git commands to generate.