[Buildroot] [PATCH] package/dovecot: security bump to version 2.3.5.2
Peter Korsgaard
peter at korsgaard.com
Fri Apr 26 13:06:30 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> * CVE-2019-10691: Trying to login with 8bit username containing
> invalid UTF8 input causes auth process to crash if auth policy is
> enabled. This could be used rather easily to cause a DoS. Similar
> crash also happens during mail delivery when using invalid UTF8 in
> From or Subject header when OX push notification driver is used.
> https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list