From nobody Thu Jul  1 22:59:53 2021
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C2D3411E4DD9
	for <ports@mlmmj.nyi.freebsd.org>; Thu,  1 Jul 2021 22:59:54 +0000 (UTC)
	(envelope-from kremels@kreme.com)
Received: from mail.covisp.net (mail.covisp.net [65.121.55.42])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GGDF651p0z3QC4
	for <ports@freebsd.org>; Thu,  1 Jul 2021 22:59:54 +0000 (UTC)
	(envelope-from kremels@kreme.com)
Content-Type: text/plain;
	charset=us-ascii
Subject: Re: Dovecot
From: "@lbutlr" <kremels@kreme.com>
In-Reply-To: <YN5FblFt4bT9Tg0+@doctor.nl2k.ab.ca>
Date: Thu, 1 Jul 2021 16:59:53 -0600
Cc: ports@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C77BA02-A26E-42CA-869E-804BD6C63B07@kreme.com>
References: <EBF9ECC3-7FAA-4F09-9184-AD97C8659C6A@kreme.com>
 <YN5FblFt4bT9Tg0+@doctor.nl2k.ab.ca>
To: The Doctor <doctor@doctor.nl2k.ab.ca>
X-Mailer: Apple Mail (2.3681.0.2.1.2)
X-Rspamd-Queue-Id: 4GGDF651p0z3QC4
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-Spam: Yes
X-ThisMailContainsUnwantedMimeParts: N
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org

On 01 Jul 2021, at 16:45, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> On Thu, Jul 01, 2021 at 04:21:31PM -0600, @lbutlr wrote:
>> The current version of dovecot is 2.3.15. The newest ports version is =
2.3.13_1=20
>>=20
>> dovecot-2.3.13_1 is vulnerable:
>>  dovecot -- multiple vulnerabilities
>>  CVE: CVE-2021-33515
>>  CVE: CVE-2021-29157
>>  WWW: =
https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.htm=
l
>>=20
>> dovecot-pigeonhole-0.5.13 is vulnerable:
>>  dovecot-pigeonhole -- Sieve excessive resource usage
>>  CVE: CVE-2020-28200
>>  WWW: =
https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.htm=
l
>>=20
>> These CVEs were addressed in 2.3.14.1.
>>=20
>> Any idea what the delay is?
>=20
> Where is the person responsible for the ports?

No idea. Some people have emailed and received no reply.


--=20
Bowling scores are way up, minigolf scores are way down, and we have
	more excellent waterslides than any other planet we communicate
	with