svn commit: r510075 - in head/mail: dovecot dovecot-pigeonhole
Larry Rosenman
ler at FreeBSD.org
Wed Aug 28 16:00:00 UTC 2019
Author: ler
Date: Wed Aug 28 15:59:59 2019
New Revision: 510075
URL: https://svnweb.freebsd.org/changeset/ports/510075
Log:
mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
MFH: 2019Q3
Security: CVE-2019-11500
Modified:
head/mail/dovecot-pigeonhole/Makefile
head/mail/dovecot-pigeonhole/distinfo
head/mail/dovecot/Makefile
head/mail/dovecot/distinfo
Modified: head/mail/dovecot-pigeonhole/Makefile
==============================================================================
--- head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:58:09 2019 (r510074)
+++ head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:59:59 2019 (r510075)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= dovecot-pigeonhole
-PORTVERSION= 0.5.7.1
-PORTREVISION= 1
+PORTVERSION= 0.5.7.2
CATEGORIES= mail
MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/
DISTNAME= ${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION}
@@ -13,8 +12,8 @@ COMMENT= Sieve plugin for the Dovecot 'deliver' LDA an
LICENSE= LGPL21
-BUILD_DEPENDS= dovecot>=2.3.6:mail/dovecot
-RUN_DEPENDS= dovecot>=2.3.6:mail/dovecot
+BUILD_DEPENDS= dovecot>=2.3.7:mail/dovecot
+RUN_DEPENDS= dovecot>=2.3.7:mail/dovecot
DOVECOTVERSION= 2.3
Modified: head/mail/dovecot-pigeonhole/distinfo
==============================================================================
--- head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:58:09 2019 (r510074)
+++ head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:59:59 2019 (r510075)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1563891950
-SHA256 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028
-SIZE (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 1857291
+TIMESTAMP = 1567007127
+SHA256 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0
+SIZE (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 1857602
Modified: head/mail/dovecot/Makefile
==============================================================================
--- head/mail/dovecot/Makefile Wed Aug 28 15:58:09 2019 (r510074)
+++ head/mail/dovecot/Makefile Wed Aug 28 15:59:59 2019 (r510075)
@@ -7,7 +7,7 @@
######################################################################
PORTNAME= dovecot
-PORTVERSION= 2.3.7.1
+PORTVERSION= 2.3.7.2
CATEGORIES= mail ipv6
MASTER_SITES= https://dovecot.org/releases/2.3/
Modified: head/mail/dovecot/distinfo
==============================================================================
--- head/mail/dovecot/distinfo Wed Aug 28 15:58:09 2019 (r510074)
+++ head/mail/dovecot/distinfo Wed Aug 28 15:59:59 2019 (r510075)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1563891542
-SHA256 (dovecot-2.3.7.1.tar.gz) = c5a51d6f76e6e9c843df69e52a364a4c65c4c60e0c51d992eaa45f22f71803c3
-SIZE (dovecot-2.3.7.1.tar.gz) = 7076500
+TIMESTAMP = 1567006255
+SHA256 (dovecot-2.3.7.2.tar.gz) = 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260
+SIZE (dovecot-2.3.7.2.tar.gz) = 7076231
More information about the svn-ports-all
mailing list