commit dovecot23 for openSUSE:Factory

Fri, 19 Apr 2019 09:39:38 -0700 

Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-04-19 18:38:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and      /work/SRC/openSUSE:Factory/.dovecot23.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dovecot23"

Fri Apr 19 18:38:42 2019 rev:17 rq:695556 version:2.3.5.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes      2019-04-04 
15:27:27.338899173 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot23.changes    
2019-04-19 18:38:46.763214914 +0200
@@ -1,0 +2,11 @@
+Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert <[email protected]>
+
+- update to 2.3.5.2 (boo#1132501)
+  * CVE-2019-10691: Trying to login with 8bit username containing
+    invalid UTF8 input causes auth process to crash if auth policy
+    is enabled. This could be used rather easily to cause a DoS.
+    Similar crash also happens during mail delivery when using
+    invalid UTF8 in From or Subject header when OX push
+    notification driver is used.
+
+-------------------------------------------------------------------
@@ -4 +15 @@
-- update to 2.3.5.1
+- update to 2.3.5.1 (boo#1130116)

Old:
----
  dovecot-2.3.5.1.tar.gz
  dovecot-2.3.5.1.tar.gz.sig

New:
----
  dovecot-2.3.5.2.tar.gz
  dovecot-2.3.5.2.tar.gz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dovecot23.spec ++++++
--- /var/tmp/diff_new_pack.UN8HQh/_old  2019-04-19 18:38:48.667217332 +0200
+++ /var/tmp/diff_new_pack.UN8HQh/_new  2019-04-19 18:38:48.671217337 +0200
@@ -17,10 +17,10 @@
 
 
 Name:           dovecot23
-Version:        2.3.5.1
+Version:        2.3.5.2
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.5.1
+%define dovecot_version 2.3.5.2
 %define dovecot_pigeonhole_version 0.5.5
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++++++ dovecot-2.3.5.1.tar.gz -> dovecot-2.3.5.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.5.1.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot-2.3.5.2.tar.gz differ: 
char 5, line 1

Reply via email to