Date: Tue, 5 Feb 2019 14:50:38 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r492245 - head/mail/dovecot Message-ID: <201902051450.x15EocpA039994@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Tue Feb 5 14:50:38 2019 New Revision: 492245 URL: https://svnweb.freebsd.org/changeset/ports/492245 Log: mail/dovecot: upgrade to 2.3.4.1 * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. PR: 235523 Submitted by: pascal.christen@hostpoint.ch MFH: 2019Q1 Security: 1340fcc1-2953-11e9-bc44-a4badb296695 Security: CVE-2019-3814 Modified: head/mail/dovecot/Makefile head/mail/dovecot/distinfo Modified: head/mail/dovecot/Makefile ============================================================================== --- head/mail/dovecot/Makefile Tue Feb 5 14:49:44 2019 (r492244) +++ head/mail/dovecot/Makefile Tue Feb 5 14:50:38 2019 (r492245) @@ -7,8 +7,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.4 -PORTREVISION= 5 +PORTVERSION= 2.3.4.1 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.3/ Modified: head/mail/dovecot/distinfo ============================================================================== --- head/mail/dovecot/distinfo Tue Feb 5 14:49:44 2019 (r492244) +++ head/mail/dovecot/distinfo Tue Feb 5 14:50:38 2019 (r492245) @@ -1,3 +1,3 @@ -TIMESTAMP = 1542984255 -SHA256 (dovecot-2.3.4.tar.gz) = d91b76eff8df6185c1799f1b279f780105bdeeea27e3286b42f4cab18efbef05 -SIZE (dovecot-2.3.4.tar.gz) = 6924178 +TIMESTAMP = 1549377600 +SHA256 (dovecot-2.3.4.1.tar.gz) = b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07 +SIZE (dovecot-2.3.4.1.tar.gz) = 6925073
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902051450.x15EocpA039994>