-
Fri Aug 07 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-4
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
-
Mon Jun 01 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-3
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
leads to use-after-free (#1840357)
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
leads to DoS (#1840356)
-
Thu Jan 09 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-2
- fix default attributes for ghost files
-
Tue Nov 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
- dovecot updated to 2.3.8 with pigeonhole updated to 0.5.8 (#1653117)
-
Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-10
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1741788)
-
Fri Aug 23 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-9
- reset errno before iterating through users (#1630410)
-
Mon Jun 17 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-8
- fix CVE-2019-3814: improper certificate validation (#1674370)
-
Fri Jun 14 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-7
- do not print error message when restorecon is not present
during install (#1626395)
- change default config to use minimal UID = 1000 (#1630410)
-
Mon Jun 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-6
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)
-
Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-5
- make key not that bigger (#1618714)