CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2021/06/22 05:30:24
Modified files:
mail/dovecot-pigeonhole: Makefile distinfo
Log message:
update to Dovecot-pigeonhole 0.5.15, from Brad (maintainer)
CVE-2020-28200: Sieve interpreter is not protected against abusive
scripts that claim excessive resource usage. Fixed by limiting the
user CPU time per single script execution and cumulatively over
several script runs within a configurable timeout period. Sufficiently
large CPU time usage is summed in the Sieve script binary and execution
is blocked when the sum exceeds the limit within that time. The block
is lifted when the script is updated after the resource usage times out.
