From: Arkadiusz Miśkiewicz Date: Thu, 13 Aug 2020 15:00:09 +0000 (+0200) Subject: - up to 2.3.11.3 X-Git-Tag: auto/th/dovecot-2.3.11.3-1 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=d5371f6c089ecd739c9ddc502a324dcd423c57ef;p=packages%2Fdovecot.git - up to 2.3.11.3 Fixes: * CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. --- diff --git a/dovecot.spec b/dovecot.spec index 07e5835..5de61d6 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -12,13 +12,13 @@ Summary: IMAP and POP3 server written with security primarily in mind Summary(pl.UTF-8): Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie Name: dovecot -Version: 2.3.10.1 -Release: 2 +Version: 2.3.11.3 +Release: 1 Epoch: 1 License: MIT (libraries), LGPL v2.1 (the rest) Group: Networking/Daemons Source0: http://dovecot.org/releases/2.3/%{name}-%{version}.tar.gz -# Source0-md5: dfa416e58dd7132264847c59957b519c +# Source0-md5: f06f2272fad04e7b0207f8d00a291f66 Source1: %{name}.pamd Source2: %{name}.init Source3: %{name}.sysconfig