package/dovecot: security bump to version 2.3.4.1 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2019-02-05 17:57:10 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2019-02-05 20:27:06 +0100
commit	a30d577a4b1592f9bec441de3aee6f75d2ef3fd6 (patch)
tree	450b7fd8e977091fbd957cf565a155f7c4cda3e7 /support/testing/tests/package/test_docker_compose.py
parent	b03fa5d96f54847ce338f0a30839d2ad67d2c4da (diff)
download	buildroot-a30d577a4b1592f9bec441de3aee6f75d2ef3fd6.tar.gz buildroot-a30d577a4b1592f9bec441de3aee6f75d2ef3fd6.zip

package/dovecot: security bump to version 2.3.4.1

Fixes the following security issues: * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. For more details, see the announcement: https://www.dovecot.org/list/dovecot-news/2019-February/000394.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'support/testing/tests/package/test_docker_compose.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: