unspecified

dovecot - Dovecot IMAP server

Website: http://www.dovecot.org/
License: MIT and LGPLv2
Vendor: city-fan.org repo http://www.city-fan.org/ftp/contrib/
Description:
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either maildir or mbox formats.

Packages

dovecot-2.3.6-1.0.cf.fc22.i686 [5.1 MiB] Changelog by Paul Howarth (2019-05-01):
- Update dovecot to 2.3.6
  - CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
    access when authentication was aborted by disconnecting
  - CVE-2019-11499: Submission-login crashed when authentication was started
    over TLS secured channel and invalid authentication message was sent
  - auth: Support password grant with passdb oauth2
  - Use system default CAs for outbound TLS connections
  - Simplify array handling with new helper macros
  - fts_solr: Enable configuring batch_size and soft_commit features
  - lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang
    when XCLIENT commands were sent infinitely to the remote server
  - lmtp/submission: Forwarded multi-line replies were erroneously sent as two
    replies to the client
  - lib-smtp: client: Message was not guaranteed to contain CRLF consistently
    when CHUNKING was used
  - fts_solr: Plugin was no longer compatible with Solr 7
  - Make it possible to disable certificate checking without setting
    ssl_client_ca_* settings
  - pop3c: SSL support was broken
  - mysql: Closing connection twice lead to crash on some systems
  - auth: Multiple oauth2 passdbs crashed auth process on deinit
  - HTTP client connection errors infrequently triggered a segmentation fault
    when the connection was idle and not used for a particular client instance
- Update pigeonhole to 0.5.6
  - sieve: Redirect loop prevention is sometimes ineffective; improve existing
    loop detection by also recognizing the X-Sieve-Redirected-From header in
    incoming messages and dropping redirect actions when it points to the
    sending account (this header is already added by the redirect action, so
    this improvement only adds an additional use of this header)
  - sieve: Prevent execution of implicit keep upon temporary failure occurring
    at runtime
dovecot-2.2.36.3-1.0.cf.fc22.i686 [4.9 MiB] Changelog by Paul Howarth (2019-03-29):
- Update dovecot to 2.2.36.3
  - CVE-2019-7524: Missing input buffer size validation leads into arbitrary
    buffer overflow when reading fts or pop3 uidl header from Dovecot index;
    exploiting this requires direct write access to the index files

Listing created by Repoview-0.6.6-13.fc29