* [Buildroot] [PATCH 1/2] package/dovecot: security bump version to 2.3.7.2
From: Bernd Kuhls @ 2019-08-28 14:13 UTC (permalink / raw)
To: buildroot
Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116874.html
Fixes
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/dovecot/dovecot.hash | 2 +-
package/dovecot/dovecot.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index e0d7e14bea..3d78af0092 100644
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
# Locally computed after checking signature
-sha256 c5a51d6f76e6e9c843df69e52a364a4c65c4c60e0c51d992eaa45f22f71803c3 dovecot-2.3.7.1.tar.gz
+sha256 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260 dovecot-2.3.7.2.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
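Review bot: the comment `# Locally computed after checking signature` at the top of this hunk does not say which signature file or signing key the new dovecot-2.3.7.2.tar.gz hash was checked against, so a later reader cannot repeat the verification from the tree alone. Suggest extending the comment with the location of the upstream detached signature that was checked.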
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 859d64f026..65c2bcef69 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).7.1
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).7.2
DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
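Review bot: at the `DOVECOT_VERSION` line, this bump picks up only the IMAP parser fix for CVE-2019-11500; the ManageSieve parser fix described in 2/2 ships in package/dovecot-pigeonhole, so a tree that takes this patch without 2/2 still builds pigeonhole 0.5.7.1. Suggest stating in the commit message that the two patches are meant to be applied, and backported, together.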
--
2.20.1
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: security bump version to 0.5.7.2
From: Bernd Kuhls @ 2019-08-28 14:13 UTC (permalink / raw)
To: buildroot
Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116876.html
Fixes
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte when scanning data in quoted strings, leading to out of
bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/dovecot-pigeonhole/dovecot-pigeonhole.hash | 2 +-
package/dovecot-pigeonhole/dovecot-pigeonhole.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/dovecot-pigeonhole/dovecot-pigeonhole.hash b/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
index 6435aa9ccf..eac675505c 100644
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
@@ -1,3 +1,3 @@
# Locally computed after checking signature
-sha256 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028 dovecot-2.3-pigeonhole-0.5.7.1.tar.gz
+sha256 d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0 dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
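Review bot: the `COPYING` hash on the last line of this hunk is carried over unchanged, which is only correct if the license file is byte-identical in dovecot-2.3-pigeonhole-0.5.7.2.tar.gz. Please confirm that against the new tarball and say so in the commit message, so the unchanged line reads as checked rather than overlooked.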
diff --git a/package/dovecot-pigeonhole/dovecot-pigeonhole.mk b/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
index ecde286ffa..43519499c4 100644
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOVECOT_PIGEONHOLE_VERSION = 0.5.7.1
+DOVECOT_PIGEONHOLE_VERSION = 0.5.7.2
DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
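Review bot: in the context lines of this hunk, `DOVECOT_PIGEONHOLE_SOURCE` and `DOVECOT_PIGEONHOLE_SITE` hard-code the dovecot series (`dovecot-2.3-` and `releases/2.3`), while the `DOVECOT_PIGEONHOLE_VERSION` line being changed says nothing about which dovecot release it pairs with. A one-line comment above the version noting that it is bumped in step with package/dovecot (2.3.7.2 in 1/2) would make the coupling visible to whoever does the next security bump.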
--
2.20.1
* [Buildroot] [PATCH 1/2] package/dovecot: security bump version to 2.3.7.2
From: Peter Korsgaard @ 2019-08-28 15:16 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot/2019-August/116874.html
> Fixes
> * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
> when scanning data in quoted strings, leading to out of bounds heap
> memory writes. Found by Nick Roessler and Rafi Rubin.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: security bump version to 0.5.7.2
From: Peter Korsgaard @ 2019-08-28 15:16 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot/2019-August/116876.html
> Fixes
> * CVE-2019-11500: ManageSieve protocol parser does not properly handle
> NUL byte when scanning data in quoted strings, leading to out of
> bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/2] package/dovecot: security bump version to 2.3.7.2
From: Peter Korsgaard @ 2019-09-02 16:10 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot/2019-August/116874.html
> Fixes
> * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
> when scanning data in quoted strings, leading to out of bounds heap
> memory writes. Found by Nick Roessler and Rafi Rubin.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: security bump version to 0.5.7.2
From: Peter Korsgaard @ 2019-09-02 16:10 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot/2019-August/116876.html
> Fixes
> * CVE-2019-11500: ManageSieve protocol parser does not properly handle
> NUL byte when scanning data in quoted strings, leading to out of
> bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard