CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2021/06/22 05:29:26
Modified files:
mail/dovecot : Makefile distinfo
mail/dovecot/patches: patch-doc_example-config_Makefile_in
patch-doc_example-config_conf_d_Makefile_in
patch-src_master_master-settings_c
mail/dovecot/pkg: PLIST-server
Log message:
update to Dovecot 2.3.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.
