import evolution-data-server-3.28.5-15.el8

CentOS Sources 2021-05-18 02:47:53 -04:00 committed by Andrew Lukoshko
parent 483d2ef8e9
commit c25eeab93f
2 changed files with 21 additions and 1 deletions


@ -0,0 +1,13 @@
diff -up evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c
--- evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 2018-07-30 15:17:06.000000000 +0200
+++ evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c 2020-09-30 09:10:32.240788043 +0200
@@ -2979,7 +2979,8 @@ connected:
/* See if we got new capabilities
* in the STARTTLS response. */
- imapx_free_capability (is->priv->cinfo);
+ if (is->priv->cinfo)
+ imapx_free_capability (is->priv->cinfo);
is->priv->cinfo = NULL;
if (ic->status->condition == IMAPX_CAPABILITY) {
is->priv->cinfo = ic->status->u.cinfo;
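Review bot: The NULL guard is added only at this call site after the STARTTLS response, so any other caller of `imapx_free_capability()` that can run while `is->priv->cinfo` is still unset would presumably keep the same crash. The helper's body is not visible on this page, so this should be confirmed there; a NULL early-return at the top of the helper would cover every caller at once. After the guarded free, `is->priv->cinfo` stays NULL whenever `ic->status->condition` is not `IMAPX_CAPABILITY`, so the code that follows in the `connected:` section (which continues outside this hunk) has to check the pointer before reading capabilities from it. A one-line comment above the guard, such as `/* cinfo can be NULL here, see CVE-2020-16117 */`, would keep the check from being removed later as redundant.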


@ -32,7 +32,7 @@
Name: evolution-data-server Name: evolution-data-server
Version: 3.28.5 Version: 3.28.5
Release: 14%{?dist} Release: 15%{?dist}
Group: System Environment/Libraries Group: System Environment/Libraries
Summary: Backend data server for Evolution Summary: Backend data server for Evolution
License: LGPLv2+ License: LGPLv2+
@ -85,6 +85,9 @@ Patch10: evolution-data-server-3.28.5-test-cal-meta-backend-without-evolution.pa
# RH bug #1859141 # RH bug #1859141
Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch
# RH bug #1862403
Patch12: evolution-data-server-3.28.5-CVE-2020-16117.patch
### Dependencies ### ### Dependencies ###
Requires: dconf Requires: dconf
@ -215,6 +218,7 @@ the functionality of the installed %{name} package.
%patch09 -p1 -b .delay-new-module-load %patch09 -p1 -b .delay-new-module-load
%patch10 -p1 -b .test-cal-meta-backend-without-evolution %patch10 -p1 -b .test-cal-meta-backend-without-evolution
%patch11 -p1 -b .CVE-2020-14928 %patch11 -p1 -b .CVE-2020-14928
%patch12 -p1 -b .CVE-2020-16117
%build %build
@ -476,6 +480,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Wed Sep 30 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-15
- Resolves: #1862403 (CVE-2020-16117: Crash on malformed server response with minimal capabilities)
* Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14 * Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14
- Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3) - Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3)