CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2021/06/22 05:29:28
Modified files:
	mail/dovecot   : Tag: OPENBSD_6_9 Makefile distinfo
	mail/dovecot/patches: Tag: OPENBSD_6_9
	                      patch-doc_example-config_Makefile_in
	                      patch-doc_example-config_conf_d_Makefile_in
	                      patch-src_master_master-settings_c
	mail/dovecot/pkg: Tag: OPENBSD_6_9 PLIST-server
Log message:
update to Dovecot 2.3.15

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker-controlled keys to
validate tokens, if the attacker has local access.

CVE-2021-33515: An on-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.
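
The STARTTLS issue in the log message above, modelled as an added example (not part of the commit and not Dovecot code): a toy line-based server where plaintext bytes buffered behind STARTTLS are either kept or discarded at the upgrade. The class, method and command names are hypothetical, the TLS handshake is modelled as instantaneous, and discarding the buffer is one common mitigation rather than a description of the Dovecot fix.

```python
# Added illustration; names are hypothetical and this is not Dovecot code.
class LineServer:
    """Toy line-based server modelling a plaintext-to-TLS upgrade."""

    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls
        self.buf = b""        # bytes received but not yet parsed
        self.tls = False      # True once the upgrade has happened
        self.executed = []    # (command, ran_after_tls_upgrade)

    def feed(self, data, over_tls):
        """Accept bytes from the plaintext socket or from the TLS layer."""
        if over_tls != self.tls:
            raise ValueError("data arrived on the wrong layer")
        self.buf += data
        self._process()

    def _process(self):
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace")
            if cmd.upper() == "STARTTLS" and not self.tls:
                self.executed.append((cmd, False))
                if self.discard_on_starttls:
                    # Mitigation: nothing received in plaintext may survive
                    # into the encrypted session, complete line or not.
                    self.buf = b""
                self.tls = True   # handshake modelled as instantaneous
                continue
            self.executed.append((cmd, self.tls))


def run(discard):
    """Replay a constructed session and return what the server executed."""
    srv = LineServer(discard)
    # Constructed sample: one plaintext segment carrying STARTTLS followed by
    # an extra command that the client never sent inside TLS.
    srv.feed(b"EHLO client.example\r\nSTARTTLS\r\nINJECTED-COMMAND\r\n",
             over_tls=False)
    srv.feed(b"NOOP\r\n", over_tls=True)   # genuine post-handshake command
    return srv.executed
```

With `run(False)` the injected line is recorded as executed after the upgrade; with `run(True)` only the commands the client actually sent inside TLS appear after STARTTLS.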