* [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6
@ 2019-04-30 18:08 Bernd Kuhls
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Bernd Kuhls @ 2019-04-30 18:08 UTC (permalink / raw)
To: buildroot
Fixes
* CVE-2019-11494: Submission-login crashed with signal 11 due to null
pointer access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was
started over TLS secured channel and invalid authentication message
was sent.
Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000408.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/dovecot/dovecot.hash | 2 +-
package/dovecot/dovecot.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index 2b8492a3c8..a57e51405d 100644
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
# Locally computed after checking signature
-sha256 ba14e41aefd81a868a35b83bcb54194116106424d37690519b50ea83c0f31bf2 dovecot-2.3.5.2.tar.gz
+sha256 ed1d8dc1beeae9c6c73deac73a62ef19fe9262fbffd86604a3f690452f5536c7 dovecot-2.3.6.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index d9b94eb83a..78bc41bff2 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).5.2
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).6
DOVECOT_SITE = https://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6
2019-04-30 18:08 [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Bernd Kuhls
@ 2019-04-30 18:08 ` Bernd Kuhls
2019-04-30 20:44 ` Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
2019-04-30 20:43 ` [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
2 siblings, 2 replies; 6+ messages in thread
From: Bernd Kuhls @ 2019-04-30 18:08 UTC (permalink / raw)
To: buildroot
Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000411.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/dovecot-pigeonhole/dovecot-pigeonhole.hash | 2 +-
package/dovecot-pigeonhole/dovecot-pigeonhole.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/dovecot-pigeonhole/dovecot-pigeonhole.hash b/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
index a1d88d49e2..f2b8720c63 100644
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
@@ -1,3 +1,3 @@
# Locally computed after checking signature
-sha256 cbaa106e1c2b23824420efdd6a9f8572c64c8dccf75a3101a899b6ddb25149a5 dovecot-2.3-pigeonhole-0.5.5.tar.gz
+sha256 7c2fe7e23e732a8451172c00da5f19532448c95e03e44d47c61b123e8210f5b8 dovecot-2.3-pigeonhole-0.5.6.tar.gz
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
diff --git a/package/dovecot-pigeonhole/dovecot-pigeonhole.mk b/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
index 2a7626733f..1568cbc14d 100644
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOVECOT_PIGEONHOLE_VERSION = 0.5.5
+DOVECOT_PIGEONHOLE_VERSION = 0.5.6
DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6
2019-04-30 18:08 [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Bernd Kuhls
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
@ 2019-04-30 20:43 ` Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-04-30 20:43 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Fixes
> * CVE-2019-11494: Submission-login crashed with signal 11 due to null
> pointer access when authentication was aborted by disconnecting.
> * CVE-2019-11499: Submission-login crashed when authentication was
> started over TLS secured channel and invalid authentication message
> was sent.
> Release notes:
> https://dovecot.org/pipermail/dovecot-news/2019-April/000408.html
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Wow, they keep un having security issues :/
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
@ 2019-04-30 20:44 ` Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-04-30 20:44 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot-news/2019-April/000411.html
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6
2019-04-30 18:08 [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Bernd Kuhls
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
2019-04-30 20:43 ` [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Peter Korsgaard
@ 2019-05-02 6:37 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-05-02 6:37 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Fixes
> * CVE-2019-11494: Submission-login crashed with signal 11 due to null
> pointer access when authentication was aborted by disconnecting.
> * CVE-2019-11499: Submission-login crashed when authentication was
> started over TLS secured channel and invalid authentication message
> was sent.
> Release notes:
> https://dovecot.org/pipermail/dovecot-news/2019-April/000408.html
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2019.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
2019-04-30 20:44 ` Peter Korsgaard
@ 2019-05-02 6:37 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-05-02 6:37 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Release notes:
> https://dovecot.org/pipermail/dovecot-news/2019-April/000411.html
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2019.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-05-02 6:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-30 18:08 [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Bernd Kuhls
2019-04-30 18:08 ` [Buildroot] [PATCH 2/2] package/dovecot-pigeonhole: bump version to 0.5.6 Bernd Kuhls
2019-04-30 20:44 ` Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
2019-04-30 20:43 ` [Buildroot] [PATCH 1/2] package/dovecot: security bump to version 2.3.6 Peter Korsgaard
2019-05-02 6:37 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.