projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9e7fda9) | patch
package/dovecot: security bump to version 2.3.5.1
authorPeter Korsgaard <peter@korsgaard.com>
Sat, 30 Mar 2019 19:53:52 +0000 (20:53 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sun, 31 Mar 2019 10:06:53 +0000 (12:06 +0200)
commite3c53aa8a1eeff63cfe7a5e80ad00cce503119cd
treea2582c5535a21b709f971c6a4cab7f4b3ea5bd44tree
parent9e7fda9d5a73dcd13d2c8847a16c9e5285346edecommit | diff
package/dovecot: security bump to version 2.3.5.1

Fixes the following security issue:

 * CVE-2019-7524: Missing input buffer size validation leads into
   arbitrary buffer overflow when reading fts or pop3 uidl header
   from Dovecot index. Exploiting this requires direct write access to
   the index files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/dovecot/dovecot.hash diff | blob | history
package/dovecot/dovecot.mk diff | blob | history