kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/dovecot2
History
taca 661b89a69a mail/dovecot2: update to 2.3.4.1 
v2.3.4.1 2019-02-05  Aki Tuomi <aki.tuomi@open-xchange.com>

	* CVE-2019-3814: If imap/pop3/managesieve/submission client has
	  trusted certificate with missing username field
	  (ssl_cert_username_field), under some configurations Dovecot
	  mistakenly trusts the username provided via authentication instead
	  of failing.
	* ssl_cert_username_field setting was ignored with external SMTP AUTH,
	  because none of the MTAs (Postfix, Exim) currently send the
	  cert_username field. This may have allowed users with trusted
	  certificate to specify any username in the authentication. This bug
	  didn't affect Dovecot's Submission service.
2019-02-06 01:41:28 +00:00
..
files
patches Provide declarations for kill() and SIGKILL to fix NetBSD-8 build. 2018-12-02 04:45:00 +00:00
buildlink3.mk dovecot2: updated to 2.3.4 2018-11-30 18:43:09 +00:00
DESCR
distinfo mail/dovecot2: update to 2.3.4.1 2019-02-06 01:41:28 +00:00
Makefile dovecot2: updated to 2.3.3 2018-10-23 16:29:18 +00:00
Makefile.common mail/dovecot2: update to 2.3.4.1 2019-02-06 01:41:28 +00:00
options.mk dovecot2: updated to 2.3.4 2018-11-30 18:43:09 +00:00
PLIST dovecot2: updated to 2.3.4 2018-11-30 18:43:09 +00:00