import evolution-data-server-3.28.5-15.el8
This commit is contained in:
parent
483d2ef8e9
commit
c25eeab93f
13
SOURCES/evolution-data-server-3.28.5-CVE-2020-16117.patch
Normal file
13
SOURCES/evolution-data-server-3.28.5-CVE-2020-16117.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c
|
||||||
|
--- evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 2018-07-30 15:17:06.000000000 +0200
|
||||||
|
+++ evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c 2020-09-30 09:10:32.240788043 +0200
|
||||||
|
@@ -2979,7 +2979,8 @@ connected:
|
||||||
|
|
||||||
|
/* See if we got new capabilities
|
||||||
|
* in the STARTTLS response. */
|
||||||
|
- imapx_free_capability (is->priv->cinfo);
|
||||||
|
+ if (is->priv->cinfo)
|
||||||
|
+ imapx_free_capability (is->priv->cinfo);
|
||||||
|
is->priv->cinfo = NULL;
|
||||||
|
if (ic->status->condition == IMAPX_CAPABILITY) {
|
||||||
|
is->priv->cinfo = ic->status->u.cinfo;
|
@ -32,7 +32,7 @@
|
|||||||
|
|
||||||
Name: evolution-data-server
|
Name: evolution-data-server
|
||||||
Version: 3.28.5
|
Version: 3.28.5
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Summary: Backend data server for Evolution
|
Summary: Backend data server for Evolution
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -85,6 +85,9 @@ Patch10: evolution-data-server-3.28.5-test-cal-meta-backend-without-evolution.pa
|
|||||||
# RH bug #1859141
|
# RH bug #1859141
|
||||||
Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch
|
Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch
|
||||||
|
|
||||||
|
# RH bug #1862403
|
||||||
|
Patch12: evolution-data-server-3.28.5-CVE-2020-16117.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
Requires: dconf
|
Requires: dconf
|
||||||
@ -215,6 +218,7 @@ the functionality of the installed %{name} package.
|
|||||||
%patch09 -p1 -b .delay-new-module-load
|
%patch09 -p1 -b .delay-new-module-load
|
||||||
%patch10 -p1 -b .test-cal-meta-backend-without-evolution
|
%patch10 -p1 -b .test-cal-meta-backend-without-evolution
|
||||||
%patch11 -p1 -b .CVE-2020-14928
|
%patch11 -p1 -b .CVE-2020-14928
|
||||||
|
%patch12 -p1 -b .CVE-2020-16117
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -476,6 +480,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
|
|||||||
%{_datadir}/installed-tests
|
%{_datadir}/installed-tests
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 30 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-15
|
||||||
|
- Resolves: #1862403 (CVE-2020-16117: Crash on malformed server response with minimal capabilities)
|
||||||
|
|
||||||
* Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14
|
* Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14
|
||||||
- Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3)
|
- Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user