f838a05fb9
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker-controlled keys to validate tokens, if the attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Add TLSv1.3 support to min_protocols. Allow configuring ssl_cipher_suites (for TLSv1.3+).
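--- a/dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c
+++ b/dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c
@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream
 {
 struct sieve_dict_script *dscript =
 (struct sieve_dict_script *)script;
- const char *path, *name = script->name, *data, *error;
+ const char *path, *name = script->name, *data, *error = NULL;
 int ret;
 
 dscript->data_pool =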
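Review bot: The new `error = NULL` initialiser in sieve_dict_script_get_stream has no comment saying which call can return without setting `error`, so the reason for the change is lost to the next reader; a line such as `/* initialised so the failure path never reads an indeterminate pointer if the callee returns without setting it */` above the declaration would record it. The function body continues past the hunk, so it cannot be confirmed from here that every later use of `error` tolerates NULL (for example as a `%s` argument in a log or error message); that path should be checked, or the message given a fallback string. The same point applies to the `error = NULL` declaration in index_storage_attribute_get in src/lib-storage/index/index-attribute.c.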
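--- a/dovecot-2.3.15/src/lib-storage/index/index-attribute.c
+++ b/dovecot-2.3.15/src/lib-storage/index/index-attribute.c
@@ -249,7 +249,7 @@ int index_storage_attribute_get(struct m
 struct mail_attribute_value *value_r)
 {
 struct dict *dict;
- const char *mailbox_prefix, *error;
+ const char *mailbox_prefix, *error = NULL;
 int ret;
 
 i_zero(value_r);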