dovecot

rpms

dovecot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michal Hlavinka	91c7c1a6c5	dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access (#1979833) CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client Add TSLv1.3 support to min_protocols. Resolves: #1979833	2021-07-21 11:29:52 +02:00
Petr Šabata	a4ed96afc1	RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/dovecot#29ed947aaea4a89dbadcab2fd9c843ae48a7d156	2020-10-14 23:50:22 +02:00

Author

SHA1

Message

Date

Michal Hlavinka

91c7c1a6c5

dovecot updated to 2.3.15, pigeonhole updated to 0.5.15

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access (#1979833)
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client
Add TSLv1.3 support to min_protocols.
Resolves: #1979833

2021-07-21 11:29:52 +02:00

Petr Šabata

a4ed96afc1

RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/dovecot#29ed947aaea4a89dbadcab2fd9c843ae48a7d156

2020-10-14 23:50:22 +02:00

2 Commits