commit dovecot23 for openSUSE:Factory

root Tue, 19 May 2020 05:50:18 -0700

Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-05-19 14:49:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and      /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "dovecot23"

Tue May 19 14:49:37 2020 rev:29 rq:807017 version:2.3.10.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes      2020-05-07 
14:55:34.206410488 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes    
2020-05-19 14:49:41.740231275 +0200
@@ -1,0 +2,14 @@
+Mon May 18 14:04:52 UTC 2020 - Michael Ströder <mich...@stroeder.com>
+
+- update to 2.3.10.1 with security fixes for
+  * CVE-2020-10957: lmtp/submission: A client can crash the server by
+    sending a NOOP command with an invalid string parameter.
+    (boo#1171457)
+  * CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
+    commands can cause the server to access freed memory, which can lead
+    to a server crash. (boo#1171458)
+  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+    address that has the empty quoted string as local-part causes the
+    lmtp service to crash. (boo#1171456)
+
+-------------------------------------------------------------------

Old:
----
  dovecot-2.3.10.tar.gz
  dovecot-2.3.10.tar.gz.sig

New:
----
  dovecot-2.3.10.1.tar.gz
  dovecot-2.3.10.1.tar.gz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dovecot23.spec ++++++
--- /var/tmp/diff_new_pack.IJDnZ9/_old  2020-05-19 14:49:42.416232774 +0200
+++ /var/tmp/diff_new_pack.IJDnZ9/_new  2020-05-19 14:49:42.420232783 +0200
@@ -19,10 +19,10 @@
 %global _lto_cflags %{nil}
 
 Name:           dovecot23
-Version:        2.3.10
+Version:        2.3.10.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.10
+%define dovecot_version 2.3.10.1
 %define dovecot_pigeonhole_version 0.5.10
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++++++ dovecot-2.3.10.tar.gz -> dovecot-2.3.10.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.10.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot-2.3.10.1.tar.gz differ: 
char 5, line 1

commit dovecot23 for openSUSE:Factory

Reply via email to