[Buildroot] [PATCH 1/1] package/dovecot: security bump version to 2.3.11.3
Peter Korsgaard
peter at korsgaard.com
Fri Aug 28 16:52:49 UTC 2020
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
> Fixes the following CVEs:
> * CVE-2020-12100: Parsing mails with a large number of MIME parts could
> have resulted in excessive CPU usage or a crash due to running out of
> stack memory.
> * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
> message buffer size, which leads to reading past allocation which can
> lead to crash.
> * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
> address that has the empty quoted string as local-part causes the lmtp
> service to crash.
> * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
> zero-length message, which leads to assert-crash later on.
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard