dovecot

rpms/dovecot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michal Hlavinka	91c7c1a6c5	dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access (#1979833) CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client Add TSLv1.3 support to min_protocols. Resolves: #1979833	2021-07-21 11:29:52 +02:00
DistroBaker	68b9de8c8e	Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/dovecot.git#5e0f363767b1b657a23527c548fee894e73809df	2021-01-04 11:44:19 +00:00

Author

SHA1

Message

Date

Michal Hlavinka

91c7c1a6c5

dovecot updated to 2.3.15, pigeonhole updated to 0.5.15

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access (#1979833)
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client
Add TSLv1.3 support to min_protocols.
Resolves: #1979833

2021-07-21 11:29:52 +02:00

DistroBaker

68b9de8c8e

Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/dovecot.git#5e0f363767b1b657a23527c548fee894e73809df

2021-01-04 11:44:19 +00:00

2 Commits