Summary: | <net-mail/dovecot-2.3.5.2: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | eras, hanno |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://dovecot.org/list/dovecot-news/2019-April/000406.html | ||
Whiteboard: | B3 [glsa+ cve glsa+] | ||
Package list: |
net-mail/dovecot-2.3.5.2
|
Runtime testing required: | --- |
Description
Tomáš Mózes
2019-04-18 09:30:32 UTC
FWIW bumping the existing dovecot-2.3.5.1.ebuild to dovecot-2.3.5.2.ebuild seems to work fine. 2.3.5.2 is not in tree yet. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f2896be569c065349d7259299890ac5f70f8aeb commit 3f2896be569c065349d7259299890ac5f70f8aeb Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2019-04-19 06:34:35 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2019-04-19 06:34:35 +0000 net-mail/dovecot: security bump to 2.3.5.2 Bug: https://bugs.gentoo.org/683732 Package-Manager: Portage-2.3.63, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/Manifest | 1 + net-mail/dovecot/dovecot-2.3.5.2.ebuild | 294 ++++++++++++++++++++++++++++++++ 2 files changed, 295 insertions(+) Arches, please test and mark stable =net-mail/dovecot-2.3.5.2 TARGET KEYWORDS=alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sparc x86 Thank you amd64 stable alpha stable arm stable x86 stable ia64 stable ppc stable ppc64 stable I'll do bug 684822 for hppa instead, so I guess this can be closed. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201908-29 at https://security.gentoo.org/glsa/201908-29 by GLSA coordinator Thomas Deutschmann (whissi). |