dovecot

rpms/dovecot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michal Hlavinka	f838a05fb9	dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Add TSLv1.3 support to min_protocols. Allow configuring ssl_cipher_suites. (for TLSv1.3+)	2021-06-21 23:25:54 +02:00

Author

SHA1

Message

Date

Michal Hlavinka

f838a05fb9

dovecot updated to 2.3.15, pigeonhole updated to 0.5.15

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client.
Add TSLv1.3 support to min_protocols.
Allow configuring ssl_cipher_suites. (for TLSv1.3+)

2021-06-21 23:25:54 +02:00

1 Commits