[Buildroot] [PATCH] dovecot: bump version to 2.2.29.1 (security)
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Wed Apr 12 19:01:35 UTC 2017
Hello,
On Wed, 12 Apr 2017 16:56:47 +0100, Vicente Olivert Riera wrote:
> Security fix:
>
> passdb/userdb dict: Don't double-expand %variables in keys. If dict
> was used as the authentication passdb, using specially crafted
> %variables in the username could be used to cause DoS (CVE-2017-2669)
>
> Full ChangeLog 2.2.29 (including CVE fix):
> https://www.dovecot.org/list/dovecot-news/2017-April/000341.html
>
> Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):
>
> https://www.dovecot.org/list/dovecot-news/2017-April/000344.html
>
> Signed-off-by: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
> ---
> package/dovecot/dovecot.hash | 2 +-
> package/dovecot/dovecot.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Peter: wanted for the LTS branch.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list