Date: Thu, 1 Jul 2021 23:03:38 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: "@lbutlr" <kremels@kreme.com> Cc: The Doctor <doctor@doctor.nl2k.ab.ca>, "ports@FreeBSD.org" <ports@freebsd.org> Subject: Re: Dovecot Message-ID: <CAN6yY1vwuwxkzKSRm-OT1tFxaH_oUX6cx3jCyN_ro1zHOpFgxQ@mail.gmail.com> In-Reply-To: <7C77BA02-A26E-42CA-869E-804BD6C63B07@kreme.com> References: <EBF9ECC3-7FAA-4F09-9184-AD97C8659C6A@kreme.com> <YN5FblFt4bT9Tg0%2B@doctor.nl2k.ab.ca> <7C77BA02-A26E-42CA-869E-804BD6C63B07@kreme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000007da3b905c61db8e0 Content-Type: text/plain; charset="UTF-8" On Thu, Jul 1, 2021 at 4:00 PM @lbutlr <kremels@kreme.com> wrote: > On 01 Jul 2021, at 16:45, The Doctor <doctor@doctor.nl2k.ab.ca> wrote: > > On Thu, Jul 01, 2021 at 04:21:31PM -0600, @lbutlr wrote: > >> The current version of dovecot is 2.3.15. The newest ports version is > 2.3.13_1 > >> > >> dovecot-2.3.13_1 is vulnerable: > >> dovecot -- multiple vulnerabilities > >> CVE: CVE-2021-33515 > >> CVE: CVE-2021-29157 > >> WWW: > https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.html > >> > >> dovecot-pigeonhole-0.5.13 is vulnerable: > >> dovecot-pigeonhole -- Sieve excessive resource usage > >> CVE: CVE-2020-28200 > >> WWW: > https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.html > >> > >> These CVEs were addressed in 2.3.14.1. > >> > >> Any idea what the delay is? > > > > Where is the person responsible for the ports? > > No idea. Some people have emailed and received no reply. % make -C /usr/ports/mail/dovecot maintainer ler@FreeBSD.org Larry is usually quite responsive, but life happens. It is a volunteer job. (They all are except the few paid by the FreeBSD Project.) If someone could update the port, any ports committer can update the port after a 14 day wait. Until that timeout, it's in Larry's ballpark. I suspect that some of the FreeBSD patches will need at least a little work. I really don't have time to spend right now on a port I don't use and am only familiar with its function. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 --0000000000007da3b905c61db8e0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vwuwxkzKSRm-OT1tFxaH_oUX6cx3jCyN_ro1zHOpFgxQ>