| Summary: | ~net-mail/dovecot-2.3.9.2: multiple vulnerabilities (CVE-2020-{7046,7957}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | eras, hanno, hydrapolic, jaak |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/oss-sec/2020/q1/71 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/14644 | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
filip ambroz
2020-02-12 14:25:21 UTC
FYI, just copying the existing 2.3.9.2 -> 2.3.9.3 and rebuilding seems to work fine. I don't know if it is considered helpful, or bad form, to submit a PR for a maintained package. I will do so, but tell me if I should stop ;)

CVE-2020-7046: https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html
CVE-2020-7957: https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5bd3540c37952e7ea38c17232411834884708b9c

commit 5bd3540c37952e7ea38c17232411834884708b9c
Author: Hank Leininger <hlein@korelogic.com>
AuthorDate: 2020-02-12 17:58:51 +0000
Commit: Eray Aslan <eras@gentoo.org>
CommitDate: 2020-02-13 10:22:21 +0000

    net-mail/dovecot: bump to fix CVE-2020-7046, CVE-2020-7957

    Simple bump from 2.3.9.2.

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/709386
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 net-mail/dovecot/Manifest | 1 +
 net-mail/dovecot/dovecot-2.3.9.3.ebuild | 286 ++++++++++++++++++++++++++++++++
 2 files changed, 287 insertions(+)

stablereq 2.3.9.3 (security team please correct me if this was wrong step to do)

*** Bug 709482 has been marked as a duplicate of this bug. ***

No stable version affected.

@ Maintainer(s): Please cleanup and drop =net-mail/dovecot-2.3.8!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83b213b07bce1b76cc090b0be6d263df4a7413d1

commit 83b213b07bce1b76cc090b0be6d263df4a7413d1
Author: Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-02-14 05:43:18 +0000
Commit: Eray Aslan <eras@gentoo.org>
CommitDate: 2020-02-14 05:43:18 +0000

    net-mail/dovecot: remove vulnerable version

    Bug: https://bugs.gentoo.org/709386
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 net-mail/dovecot/Manifest | 1 -
 net-mail/dovecot/dovecot-2.3.9.2.ebuild | 286 --------------------------------
 2 files changed, 287 deletions(-)

GLSA Vote: No!

Repository is clean, all done!