[Buildroot] [PATCH] dovecot: bump version to 2.2.29.1 (security)

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Wed Apr 12 19:01:35 UTC 2017


Hello,

On Wed, 12 Apr 2017 16:56:47 +0100, Vicente Olivert Riera wrote:
> Security fix:
> 
>   passdb/userdb dict: Don't double-expand %variables in keys. If dict
>   was used as the authentication passdb, using specially crafted
>   %variables in the username could be used to cause DoS (CVE-2017-2669)
> 
> Full ChangeLog 2.2.29 (including CVE fix):
>   https://www.dovecot.org/list/dovecot-news/2017-April/000341.html
> 
> Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):
> 
>   https://www.dovecot.org/list/dovecot-news/2017-April/000344.html
> 
> Signed-off-by: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
> ---
>  package/dovecot/dovecot.hash | 2 +-
>  package/dovecot/dovecot.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Peter: wanted for the LTS branch.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


More information about the buildroot mailing list