CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2021/06/22 05:29:26

Modified files:
        mail/dovecot   : Makefile distinfo
        mail/dovecot/patches: patch-doc_example-config_Makefile_in
                              patch-doc_example-config_conf_d_Makefile_in
                              patch-src_master_master-settings_c
        mail/dovecot/pkg: PLIST-server

Log message:
update to Dovecot 2.3.15

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.

CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.