package/dovecot: security bump to version 2.3.5.2 (89c7e417) · Commits · Arm Reference Solutions / buildroot

Commit 89c7e417 authored Apr 25, 2019 by Peter Korsgaard Committed by Thomas Petazzoni Apr 26, 2019

package/dovecot: security bump to version 2.3.5.2

Fixes the following security issue:

* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.

https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent 5bc45c5e

Hide whitespace changes

Inline Side-by-side

Please register or to comment