Date: Thu, 28 Mar 2019 12:24:41 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r497015 - head/mail/dovecot Message-ID: <201903281224.x2SCOfbA018347@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Thu Mar 28 12:24:41 2019 New Revision: 497015 URL: https://svnweb.freebsd.org/changeset/ports/497015 Log: mail/dovecot: upgrade to 2.3.5.1. * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. MFH: 2019Q1 Security: CVE-2019-7524 Modified: head/mail/dovecot/Makefile head/mail/dovecot/distinfo Modified: head/mail/dovecot/Makefile ============================================================================== --- head/mail/dovecot/Makefile Thu Mar 28 12:21:36 2019 (r497014) +++ head/mail/dovecot/Makefile Thu Mar 28 12:24:41 2019 (r497015) @@ -7,8 +7,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.5 -PORTREVISION= 1 +PORTVERSION= 2.3.5.1 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.3/ Modified: head/mail/dovecot/distinfo ============================================================================== --- head/mail/dovecot/distinfo Thu Mar 28 12:21:36 2019 (r497014) +++ head/mail/dovecot/distinfo Thu Mar 28 12:24:41 2019 (r497015) @@ -1,3 +1,3 @@ -TIMESTAMP = 1551804380 -SHA256 (dovecot-2.3.5.tar.gz) = bfe112ec6d11f7d6c6f7f0440e3b6e2c840c15cec1e99466b5495765d54aaaff -SIZE (dovecot-2.3.5.tar.gz) = 6970480 +TIMESTAMP = 1553773734 +SHA256 (dovecot-2.3.5.1.tar.gz) = d78f9d479e3b2caa808160f86bfec1c9c7b46344d8b14b88f5fa9bbbf8c7c33f +SIZE (dovecot-2.3.5.1.tar.gz) = 6953150
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201903281224.x2SCOfbA018347>