Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-02-06 14:07:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and /work/SRC/openSUSE:Factory/.dovecot23.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot23" Wed Feb 6 14:07:20 2019 rev:15 rq:671912 version:2.3.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-01-24 14:12:02.843457140 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot23.changes 2019-02-06 14:07:26.686648974 +0100 @@ -1,0 +2,16 @@ +Tue Feb 5 13:45:52 UTC 2019 - Marcus Rueckert <[email protected]> + +- update to 2.3.4.1 (boo#1123022) + * CVE-2019-3814: If imap/pop3/managesieve/submission client has + trusted certificate with missing username field + (ssl_cert_username_field), under some configurations Dovecot + mistakenly trusts the username provided via authentication + instead of failing. + * ssl_cert_username_field setting was ignored with external + SMTP AUTH, because none of the MTAs (Postfix, Exim) currently + send the cert_username field. This may have allowed users with + trusted certificate to specify any username in the + authentication. This bug didn't affect Dovecot's Submission + service. + +------------------------------------------------------------------- Old: ---- dovecot-2.3.4.tar.gz dovecot-2.3.4.tar.gz.sig New: ---- dovecot-2.3.4.1.tar.gz dovecot-2.3.4.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.1ihflQ/_old 2019-02-06 14:07:28.218648694 +0100 +++ /var/tmp/diff_new_pack.1ihflQ/_new 2019-02-06 14:07:28.218648694 +0100 @@ -1,7 +1,7 @@ # # spec file for package dovecot23 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,10 +17,10 @@ Name: dovecot23 -Version: 2.3.4 +Version: 2.3.4.1 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.4 +%define dovecot_version 2.3.4.1 %define dovecot_pigeonhole_version 0.5.4 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++++++ dovecot-2.3.4.tar.gz -> dovecot-2.3.4.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.4.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot-2.3.4.1.tar.gz differ: char 5, line 1
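Review bot: In the dovecot23.changes hunk (@@ -1,0 +2,16 @@), the second bullet, about ssl_cert_username_field being ignored with external SMTP AUTH, states what was wrong but not what 2.3.4.1 does instead, whereas the first bullet at least implies the fixed behaviour is to fail the authentication. Because the entry says Postfix and Exim do not send the cert_username field, an admin who uses client certificates through those MTAs cannot tell from this text whether logins will behave differently after the update; add one line stating the new behaviour. The first bullet's "under some configurations" would also help more if it named the affected settings or pointed to the upstream advisory.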
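Review bot: In the dovecot23.spec hunk at @@ -17,10 +17,10 @@, the version string is maintained by hand in two places, "Version: 2.3.4.1" and "%define dovecot_version 2.3.4.1", so a later bump that touches only one of them leaves the two out of step. Consider deriving one from the other, for example "%define dovecot_version %{version}". The same hunk leaves dovecot_pigeonhole_version at 0.5.4 as unchanged context; it is worth confirming that this is the Pigeonhole release intended to ship with 2.3.4.1.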
