[Buildroot] [PATCH] package/dovecot: security bump to version 2.3.5.1

Peter Korsgaard peter at korsgaard.com
Fri Apr 5 15:29:09 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 >  * CVE-2019-7524: Missing input buffer size validation leads into
 >    arbitrary buffer overflow when reading fts or pop3 uidl header
 >    from Dovecot index. Exploiting this requires direct write access to
 >    the index files.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x (and the corresponding dovecot-pigeonhole bump), thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list