Summary: | <net-mail/dovecot-2.3.5.1: Buffer overflow when reading extension header from dovecot index files | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | eras, hanno, net-mail+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2019/03/28/1 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
net-mail/dovecot-2.3.5.1
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 677350 |
Description
Agostino Sarubbo
2019-03-28 13:16:24 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aebf54df234b6fe8e8879adae952f7603471caae commit aebf54df234b6fe8e8879adae952f7603471caae Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2019-03-29 14:01:58 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2019-03-29 14:01:58 +0000 net-mail/dovecot: security bump to 2.3.5.1 Bug: https://bugs.gentoo.org/681922 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/Manifest | 1 + net-mail/dovecot/dovecot-2.3.5.1.ebuild | 294 ++++++++++++++++++++++++++++++++ 2 files changed, 295 insertions(+) Arches, please test and mark stable =net-mail/dovecot-2.3.5.1 TARGET KEYWORDS=alpha amd64 arm ~hppa ia64 ~mips ppc ppc64 s390 ~sparc x86 Thank you missed hppa TARGET KEYWORDS=alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sparc x86 amd64 stable x86 stable New GLSA Request filed. arm stable ia64 stable ppc64 stable ppc stable arm stable hppa stable alpha stable s390 stable @maintainer, please drop vulnerable. This issue was resolved and addressed in GLSA 201904-19 at https://security.gentoo.org/glsa/201904-19 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup cleanup done |