Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-05-19 14:49:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot23" Tue May 19 14:49:37 2020 rev:29 rq:807017 version:2.3.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-05-07 14:55:34.206410488 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes 2020-05-19 14:49:41.740231275 +0200 @@ -1,0 +2,14 @@ +Mon May 18 14:04:52 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- update to 2.3.10.1 with security fixes for + * CVE-2020-10957: lmtp/submission: A client can crash the server by + sending a NOOP command with an invalid string parameter. + (boo#1171457) + * CVE-2020-10958: lmtp/submission: Sending many invalid or unknown + commands can cause the server to access freed memory, which can lead + to a server crash. (boo#1171458) + * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an + address that has the empty quoted string as local-part causes the + lmtp service to crash. (boo#1171456) + +------------------------------------------------------------------- Old: ---- dovecot-2.3.10.tar.gz dovecot-2.3.10.tar.gz.sig New: ---- dovecot-2.3.10.1.tar.gz dovecot-2.3.10.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.IJDnZ9/_old 2020-05-19 14:49:42.416232774 +0200 +++ /var/tmp/diff_new_pack.IJDnZ9/_new 2020-05-19 14:49:42.420232783 +0200 @@ -19,10 +19,10 @@ %global _lto_cflags %{nil} Name: dovecot23 -Version: 2.3.10 +Version: 2.3.10.1 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.10 +%define dovecot_version 2.3.10.1 %define dovecot_pigeonhole_version 0.5.10 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++++++ dovecot-2.3.10.tar.gz -> dovecot-2.3.10.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.10.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot-2.3.10.1.tar.gz differ: char 5, line 1