From c4e66bf29778aa908204979c13f6e64005b246f0 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 29 Aug 2019 09:44:35 +0200 Subject: [PATCH] dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes --- dovecot.spec | 10 ++++++++-- sources | 4 ++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 7ee0d5e..eba9723 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.7.1 +Version: 2.3.7.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.7.1 +%global pigeonholever 0.5.7.2 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -493,6 +493,12 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Aug 29 2019 Michal Hlavinka - 1:2.3.7.2-1 +- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 +- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte + when scanning data in quoted strings, leading to out of bounds heap + memory writes + * Mon Aug 19 2019 Michal Hlavinka - 1:1-2.3.7.1 - dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 diff --git a/sources b/sources index 8b8981e..9a8ce1a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.7.1.tar.gz) = 9addfe2be9ae745ac9164e1658e6638df96bd611d45f172e2cd1cb2c6596e4ce534674e9eea3c1d17f497555061031916e0fb9a9fbc6de0eb6034e2fd0bed3b9 -SHA512 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 121eac4ad8bc1ddc55c554d00338bb553590b6aedffcb11e34f6cba102d59bd34580cb7218bd5fe820038c004d12db73f7a27ca135c3d4a12c4449bae3216355 +SHA512 (dovecot-2.3.7.2.tar.gz) = 172f7f0edb884259e4c050607510aee67a35c3a20b7dd147e7c8a25a04921c18f7d6b5c85af2c69ae8c4d53791550970e471b033dbfae94253e331053b6a317d +SHA512 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 7fc8d89ee31c8e8c16a9aeaeffb591f4188de36fc80e3a30a9ae10bc5acd7ea5d5d91e077fda566e61d588d9221ec53044ce17a9cc0c9c219dbe6824558a1d60