Date: Thu, 1 Jul 2021 16:59:53 -0600 From: "@lbutlr" <kremels@kreme.com> To: The Doctor <doctor@doctor.nl2k.ab.ca> Cc: ports@freebsd.org Subject: Re: Dovecot Message-ID: <7C77BA02-A26E-42CA-869E-804BD6C63B07@kreme.com> In-Reply-To: <YN5FblFt4bT9Tg0%2B@doctor.nl2k.ab.ca> References: <EBF9ECC3-7FAA-4F09-9184-AD97C8659C6A@kreme.com> <YN5FblFt4bT9Tg0%2B@doctor.nl2k.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01 Jul 2021, at 16:45, The Doctor <doctor@doctor.nl2k.ab.ca> wrote: > On Thu, Jul 01, 2021 at 04:21:31PM -0600, @lbutlr wrote: >> The current version of dovecot is 2.3.15. The newest ports version is = 2.3.13_1=20 >>=20 >> dovecot-2.3.13_1 is vulnerable: >> dovecot -- multiple vulnerabilities >> CVE: CVE-2021-33515 >> CVE: CVE-2021-29157 >> WWW: = https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.htm= l >>=20 >> dovecot-pigeonhole-0.5.13 is vulnerable: >> dovecot-pigeonhole -- Sieve excessive resource usage >> CVE: CVE-2020-28200 >> WWW: = https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.htm= l >>=20 >> These CVEs were addressed in 2.3.14.1. >>=20 >> Any idea what the delay is? >=20 > Where is the person responsible for the ports? No idea. Some people have emailed and received no reply. --=20 Bowling scores are way up, minigolf scores are way down, and we have more excellent waterslides than any other planet we communicate with
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7C77BA02-A26E-42CA-869E-804BD6C63B07>