pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/dovecot2 Security fix:
details: https://anonhg.NetBSD.org/pkgsrc/rev/2eb7ccd2be97
branches: trunk
changeset: 331957:2eb7ccd2be97
user: hauke <hauke%pkgsrc.org@localhost>
date: Fri Mar 29 14:27:43 2019 +0000
description:
Security fix:
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
diffstat:
mail/dovecot2/Makefile.common | 6 +++---
mail/dovecot2/distinfo | 10 +++++-----
2 files changed, 8 insertions(+), 8 deletions(-)
diffs (39 lines):
diff -r 5874c82101c1 -r 2eb7ccd2be97 mail/dovecot2/Makefile.common
--- a/mail/dovecot2/Makefile.common Fri Mar 29 12:38:49 2019 +0000
+++ b/mail/dovecot2/Makefile.common Fri Mar 29 14:27:43 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.25 2019/03/05 16:51:03 hauke Exp $
+# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $
#
# when updating to a new release, update ABI depends in
# the buildlink3.mk file as well, since the plugins' version
@@ -11,9 +11,9 @@
# used by mail/dovecot2-pgsql/Makefile
# used by mail/dovecot2-sqlite/Makefile
-DISTNAME= dovecot-2.3.5
+DISTNAME= dovecot-2.3.5.1
CATEGORIES= mail
-MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
MAINTAINER= adam%NetBSD.org@localhost
HOMEPAGE= http://www.dovecot.org/
diff -r 5874c82101c1 -r 2eb7ccd2be97 mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo Fri Mar 29 12:38:49 2019 +0000
+++ b/mail/dovecot2/distinfo Fri Mar 29 14:27:43 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.89 2019/03/05 16:51:03 hauke Exp $
+$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $
-SHA1 (dovecot-2.3.5.tar.gz) = e03f2ad6d80afb1b23d4f82a5ced794e07f467b7
-RMD160 (dovecot-2.3.5.tar.gz) = 428b4351e7566dbdac8da41be890016bfc575ff7
-SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6
-Size (dovecot-2.3.5.tar.gz) = 6970480 bytes
+SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230
+RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921
+SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
+Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes
SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
Home |
Main Index |
Thread Index |
Old Index