git.libre-soc.org Git - buildroot.git/commit

author	Bernd Kuhls <bernd.kuhls@t-online.de>
	Tue, 18 Aug 2020 16:54:36 +0000 (18:54 +0200)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Tue, 18 Aug 2020 21:44:18 +0000 (23:44 +0200)
commit	6db0ea91ef94f6a6f3f5c4d1847733cd23679587
tree	940343d64aaab44244b0d051c848de4921b10e12	tree
parent	87fb8365d82eff58695e555f8191ceec14c72dfa	commit \| diff

package/dovecot: security bump version to 2.3.11.3

Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html

Fixes the following CVEs:

* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dovecot/dovecot.hash		diff \| blob \| history
package/dovecot/dovecot.mk		diff \| blob \| history