import evolution-data-server-3.28.5-15.el8
This commit is contained in:
CentOS Sources
parent
483d2ef8e9
commit
c25eeab93f
|
|
@ -0,0 +1,13 @@
|
|||
diff -up evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c
|
||||
--- evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 2018-07-30 15:17:06.000000000 +0200
|
||||
+++ evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c 2020-09-30 09:10:32.240788043 +0200
|
||||
@@ -2979,7 +2979,8 @@ connected:
|
||||
|
||||
/* See if we got new capabilities
|
||||
* in the STARTTLS response. */
|
||||
- imapx_free_capability (is->priv->cinfo);
|
||||
+ if (is->priv->cinfo)
|
||||
+ imapx_free_capability (is->priv->cinfo);
|
||||
is->priv->cinfo = NULL;
|
||||
if (ic->status->condition == IMAPX_CAPABILITY) {
|
||||
is->priv->cinfo = ic->status->u.cinfo;
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
Name: evolution-data-server
|
||||
Version: 3.28.5
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
Summary: Backend data server for Evolution
|
||||
License: LGPLv2+
|
||||
|
|
@ -85,6 +85,9 @@ Patch10: evolution-data-server-3.28.5-test-cal-meta-backend-without-evolution.pa
|
|||
# RH bug #1859141
|
||||
Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch
|
||||
|
||||
# RH bug #1862403
|
||||
Patch12: evolution-data-server-3.28.5-CVE-2020-16117.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: dconf
|
||||
|
|
@ -215,6 +218,7 @@ the functionality of the installed %{name} package.
|
|||
%patch09 -p1 -b .delay-new-module-load
|
||||
%patch10 -p1 -b .test-cal-meta-backend-without-evolution
|
||||
%patch11 -p1 -b .CVE-2020-14928
|
||||
%patch12 -p1 -b .CVE-2020-16117
|
||||
|
||||
%build
|
||||
|
||||
|
|
@ -476,6 +480,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
|
|||
%{_datadir}/installed-tests
|
||||
|
||||
%changelog
|
||||
* Wed Sep 30 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-15
|
||||
- Resolves: #1862403 (CVE-2020-16117: Crash on malformed server response with minimal capabilities)
|
||||
|
||||
* Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14
|
||||
- Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue