Date: Wed, 28 Aug 2019 15:59:59 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r510075 - in head/mail: dovecot dovecot-pigeonhole Message-ID: <201908281559.x7SFxxmd008904@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Wed Aug 28 15:59:59 2019 New Revision: 510075 URL: https://svnweb.freebsd.org/changeset/ports/510075 Log: mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500 Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin. MFH: 2019Q3 Security: CVE-2019-11500 Modified: head/mail/dovecot-pigeonhole/Makefile head/mail/dovecot-pigeonhole/distinfo head/mail/dovecot/Makefile head/mail/dovecot/distinfo Modified: head/mail/dovecot-pigeonhole/Makefile ============================================================================== --- head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:59:59 2019 (r510075) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= dovecot-pigeonhole -PORTVERSION= 0.5.7.1 -PORTREVISION= 1 +PORTVERSION= 0.5.7.2 CATEGORIES= mail MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ DISTNAME= ${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION} @@ -13,8 +12,8 @@ COMMENT= Sieve plugin for the Dovecot 'deliver' LDA an LICENSE= LGPL21 -BUILD_DEPENDS= dovecot>=2.3.6:mail/dovecot -RUN_DEPENDS= dovecot>=2.3.6:mail/dovecot +BUILD_DEPENDS= dovecot>=2.3.7:mail/dovecot +RUN_DEPENDS= dovecot>=2.3.7:mail/dovecot DOVECOTVERSION= 2.3 Modified: head/mail/dovecot-pigeonhole/distinfo ============================================================================== --- head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:59:59 2019 (r510075) @@ -1,3 +1,3 @@ -TIMESTAMP = 1563891950 -SHA256 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028 -SIZE (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 1857291 +TIMESTAMP = 1567007127 +SHA256 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0 +SIZE (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 1857602 Modified: head/mail/dovecot/Makefile ============================================================================== --- head/mail/dovecot/Makefile Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot/Makefile Wed Aug 28 15:59:59 2019 (r510075) @@ -7,7 +7,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.7.1 +PORTVERSION= 2.3.7.2 CATEGORIES= mail ipv6 MASTER_SITES= https://dovecot.org/releases/2.3/ Modified: head/mail/dovecot/distinfo ============================================================================== --- head/mail/dovecot/distinfo Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot/distinfo Wed Aug 28 15:59:59 2019 (r510075) @@ -1,3 +1,3 @@ -TIMESTAMP = 1563891542 -SHA256 (dovecot-2.3.7.1.tar.gz) = c5a51d6f76e6e9c843df69e52a364a4c65c4c60e0c51d992eaa45f22f71803c3 -SIZE (dovecot-2.3.7.1.tar.gz) = 7076500 +TIMESTAMP = 1567006255 +SHA256 (dovecot-2.3.7.2.tar.gz) = 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260 +SIZE (dovecot-2.3.7.2.tar.gz) = 7076231
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908281559.x7SFxxmd008904>