Re: Dovecot

From: Pete Wright via ports <ports_at_freebsd.org>
Date: Thu, 1 Jul 2021 16:02:18 -0700
On 7/1/21 3:59 PM, _at_lbutlr wrote:
> On 01 Jul 2021, at 16:45, The Doctor <doctor_at_doctor.nl2k.ab.ca> wrote:
>> On Thu, Jul 01, 2021 at 04:21:31PM -0600, _at_lbutlr wrote:
>>> The current version of dovecot is 2.3.15. The newest ports version is 2.3.13_1
>>>
>>> dovecot-2.3.13_1 is vulnerable:
>>>   dovecot -- multiple vulnerabilities
>>>   CVE: CVE-2021-33515
>>>   CVE: CVE-2021-29157
>>>   WWW: https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.html
>>>
>>> dovecot-pigeonhole-0.5.13 is vulnerable:
>>>   dovecot-pigeonhole -- Sieve excessive resource usage
>>>   CVE: CVE-2020-28200
>>>   WWW: https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.html
>>>
>>> These CVEs were addressed in 2.3.14.1.
>>>
>>> Any idea what the delay is?
>> Where is the person responsible for the ports?
> No idea. Some people have emailed and received no reply.
>
>


looks like this is actively being worked on?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256860

-pete

-- 
Pete Wright
pete_at_nomadlogic.org
_at_nomadlogicLA
Received on Thu Jul 01 2021 - 23:02:18 UTC

Original text of this message