Commit Graph

2 Commits

Author SHA1 Message Date
Michal Hlavinka
91c7c1a6c5 dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access (#1979833)
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client
Add TSLv1.3 support to min_protocols.
Resolves: #1979833
2021-07-21 11:29:52 +02:00
DistroBaker
68b9de8c8e Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/dovecot.git#5e0f363767b1b657a23527c548fee894e73809df
2021-01-04 11:44:19 +00:00