- up to 2.3.11.3

Fixes:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.

diff --git a/dovecot.spec b/dovecot.spec
index 07e5835596cf37c710994a24b14bb27569d93753..5de61d6308cd03646ce77937536e5cc49508df4b 100644 (file)
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -12,13 +12,13 @@
 Summary:       IMAP and POP3 server written with security primarily in mind
 Summary(pl.UTF-8):     Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie
 Name:          dovecot
-Version:       2.3.10.1
-Release:       2
+Version:       2.3.11.3
+Release:       1
 Epoch:         1
 License:       MIT (libraries), LGPL v2.1 (the rest)
 Group:         Networking/Daemons
 Source0:       http://dovecot.org/releases/2.3/%{name}-%{version}.tar.gz
-# Source0-md5: dfa416e58dd7132264847c59957b519c
+# Source0-md5: f06f2272fad04e7b0207f8d00a291f66
 Source1:       %{name}.pamd
 Source2:       %{name}.init
 Source3:       %{name}.sysconfig