Summary: | <net-mail/dovecot-2.3.6 - Submission-login crashes (with signal 11 due to null pointer access when authentication is aborted by disconnecting\|when authentication is started over TLS secured channel and invalid authentication message is sent) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | eras, hydrapolic |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | net-mail/dovecot-2.3.6 | | |
Runtime testing required: | --- | | |

Description
Jeroen Roovers (RETIRED)
2019-04-30 16:54:01 UTC
FWIW, bumping the current ebuild to 2.3.6 worked here (amd64) with no modifications.

(In reply to Jeroen Roovers from comment #0)
> https://dovecot.org/list/dovecot-news/2019-April/000409.html
> CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer
> access when authentication is aborted by disconnecting
>
> https://dovecot.org/list/dovecot-news/2019-April/000410.html
> CVE-2019-11499: Submission-login crashes when authentication is started over
> TLS secured channel and invalid authentication message is sent

2.3.6 is not in tree yet. Please do not add the version information to the summary until it is.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7323d59995cb41a4bf537beb3d80671048752330

commit 7323d59995cb41a4bf537beb3d80671048752330
Author: Eray Aslan <eras@gentoo.org>
AuthorDate: 2019-05-04 05:45:20 +0000
Commit: Eray Aslan <eras@gentoo.org>
CommitDate: 2019-05-04 05:45:20 +0000

net-mail/dovecot: security bump to 2.3.6

Bug: https://bugs.gentoo.org/684822
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Eray Aslan <eras@gentoo.org>

net-mail/dovecot/Manifest | 2 +
net-mail/dovecot/dovecot-2.3.6.ebuild | 294 ++++++++++++++++++++++++++++++++++
2 files changed, 296 insertions(+)

Arches, please test and mark stable
=net-mail/dovecot-2.3.5.2
TARGET KEYWORDS=alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sparc x86

Thank you

amd64 stable

hppa stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3414d51126bd2e28f385d8cdd2e801b40f0a551e

commit 3414d51126bd2e28f385d8cdd2e801b40f0a551e
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-05-07 20:13:21 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-05-07 20:13:32 +0000

net-mail/dovecot-2.3.6-r0: alpha stable

Bug: http://bugs.gentoo.org/684822
Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

net-mail/dovecot/dovecot-2.3.6.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

arm stable

x86 stable

ia64 stable

ppc64 stable

s390 stable. Maintainer(s), please cleanup.

ppc stable. Maintainer(s), please cleanup.

cleanup done. dovecot-2.2.36.3 is not vulnerable btw. thank you