#acl PaulHowarth:read,write,admin,revert,delete All:read === Tuesday 19th May 2020 === ==== Fedora Project ==== * Updated `perl-Text-CSV_XS` to 1.42 in Rawhide: * Update to `Devel::PPPort`-3.58 * Unicode fixes for `csv2xls` and `csv2xlsx` * Add internal buffers to cache diagnostics * Fix positional reporting in `examples/csv-check` * Allow passing CSV parsing attributes to `csv-check` * Proof reading - doc fixes by Klaus Baldermann `` ([[https://github.com/Tux/Text-CSV_XS/pull/21|GH#21]]) * Fix type caching ([[CPAN:132344|CPAN RT#132344]]) * Small doc fix by Nick Tonkin `<1nickt>` ([[https://github.com/Tux/Text-CSV_XS/pull/22|GH#22]]) * Fix `sep=;` being ignored in `->header` ([[https://github.com/Tux/Text-CSV_XS/issues/23|GH#23]]) ==== Local Packages ==== * Updated `dovecot` to 2.3.10.1: * [[CVE:2020-10957|CVE-2020-10957]]: `lmtp`/`submission`: A client can crash the server by sending a `NOOP` command with an invalid string parameter * This occurs particularly for a parameter that doesn't start with a double quote * This applies to all SMTP services, including `submission-login`, which makes it possible to crash the submission service without authentication * [[CVE:2020-10958|CVE-2020-10958]]: `lmtp`/`submission`: Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash * This happens when the server closes the connection with a "`421 Too many invalid commands`" error; the bad command limit depends on the service (`lmtp` or `submission`) and varies between 10 to 20 bad commands * [[CVE:2020-10967|CVE-2020-10967]]: `lmtp`/`submission`: Issuing the `RCPT` command with an address that has the empty quoted string as local-part causes the `lmtp` service to crash * Updated `nmap` (7.80) not to `assert`-crash on unsolicited ARP response ([[RedHatBugzilla:1836989|Bug #1836989]]) * Updated `perl-Text-CSV_XS` to 1.42 as per the Fedora version ----