CVE-2019-19722: Mails with group addresses in From or To fields

caused crash in push notification drivers.
This commit is contained in:
Michal Hlavinka 2019-12-19 15:17:08 +01:00
parent 29bbb4096a
commit deb9d38bed
2 changed files with 6 additions and 2 deletions

View File

@ -3,7 +3,7 @@
Summary: Secure imap and pop3 server Summary: Secure imap and pop3 server
Name: dovecot Name: dovecot
Epoch: 1 Epoch: 1
Version: 2.3.9 Version: 2.3.9.2
%global prever %{nil} %global prever %{nil}
Release: 1%{?dist} Release: 1%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
@ -496,6 +496,10 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so %{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog %changelog
* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1
- CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1 * Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1
- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 - dovecot updated to 2.3.9, pigeonhole updated to 0.5.9

View File

@ -1,2 +1,2 @@
SHA512 (dovecot-2.3.9.tar.gz) = 6f7cfebb0d89709d971a6cd623375805dc018c6d8c4cdaa5f274a5a5b0830c2b135c9cf6c90d0983c70ca76e3def855c501ea32aeb7a67b104cb6676bb9d37db SHA512 (dovecot-2.3.9.2.tar.gz) = 36e8270bfa33e2bd6aa89017e65c7d1650c494c79ff297759a4b01c026aebcfdf5b1b542d4357e1f9dc2bb8169ef67064f0699b17ca36d658deb70b4c800b253
SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8 SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8