Summary: | <net-mail/dovecot-2.3.13: Multiple vulnerabilities (CVE-2020-24386, CVE-2020-25275) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Adrian <adrian> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | adrian, eras, marecki, orzel |
Priority: | Normal | Keywords: | CC-ARCHES, STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=768870 | ||
Whiteboard: | B3 [cve glsa+] | ||
Package list: |
net-mail/dovecot-2.3.13-r100
|
Runtime testing required: | --- |
Bug Depends on: | 764713, 768501 | ||
Bug Blocks: |
Description
Adrian
2021-01-04 12:42:32 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ddd164e2402c15e598eb8ae615dfaa7a52b08a9 commit 1ddd164e2402c15e598eb8ae615dfaa7a52b08a9 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-01-05 09:35:39 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-01-05 09:35:39 +0000 net-mail/dovecot: security bump to 2.3.13 Bug: https://bugs.gentoo.org/763525 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/Manifest | 2 + net-mail/dovecot/dovecot-2.3.13.ebuild | 293 +++++++++++++++++++++ .../files/dovecot-autoconf-lua-version.patch | 17 ++ .../files/dovecot-socket-name-too-long.patch | 11 + 4 files changed, 323 insertions(+) arches, please test and mark stable =net-mail/dovecot-2.3.13 thank you Sanity check failed:
> net-mail/dovecot-2.3.13
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (36 total)
> dev-lang/lua:5.1
> dev-lang/lua:5.2
> dev-lang/lua:5.3
> depend amd64 stable profile default/linux/amd64/17.1 (45 total)
> dev-lang/lua:5.1
> dev-lang/lua:5.2
> dev-lang/lua:5.3
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (36 total)
> dev-lang/lua:5.1
> dev-lang/lua:5.2
> dev-lang/lua:5.3
> rdepend amd64 stable profile default/linux/amd64/17.1 (45 total)
> dev-lang/lua:5.1
> dev-lang/lua:5.2
> dev-lang/lua:5.3
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a92f4e5c02b03f9b7bacc1c5ba200b5a8f60597a commit a92f4e5c02b03f9b7bacc1c5ba200b5a8f60597a Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-01-05 11:41:43 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-01-05 11:41:43 +0000 net-mail/dovecot: slotted lua is not stable yet Bug: https://bugs.gentoo.org/763525 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/dovecot-2.3.13-r1.ebuild | 287 ++++++++++++++++++++++++++++++ 1 file changed, 287 insertions(+) arches, let's go wih =net-mail/dovecot-2.3.13-r1 as slotted lua is not stable yet. sorry for the email spam All sanity-check issues have been resolved amd64 done New GLSA request filed. ppc64 done arm done This issue was resolved and addressed in GLSA 202101-01 at https://security.gentoo.org/glsa/202101-01 by GLSA coordinator Sam James (sam_c). Full cleanup is blocked on bug 756217. @eras, could you update the mask/cleanup where possible for now? Reopening for remaining arches (not cleanup, oops!) x86 done *** Bug 768870 has been marked as a duplicate of this bug. *** ppc done x86 done s390 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=416a8ad88987bf8480d2c5afc9db8af864b21e98 commit 416a8ad88987bf8480d2c5afc9db8af864b21e98 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-02-10 15:42:40 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-02-10 15:42:40 +0000 net-mail/dovecot: cleanup Bug: https://bugs.gentoo.org/763525 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/Manifest | 2 - net-mail/dovecot/dovecot-2.3.11.3-r1.ebuild | 296 -------------------- net-mail/dovecot/dovecot-2.3.11.3-r2.ebuild | 297 --------------------- net-mail/dovecot/dovecot-2.3.11.3.ebuild | 290 -------------------- net-mail/dovecot/dovecot-2.3.13.ebuild | 293 -------------------- .../dovecot/files/dovecot-2.3.11.3-apop-fix.patch | 60 ----- .../dovecot/files/dovecot-fix-search-crash.patch | 91 ------- net-mail/dovecot/metadata.xml | 1 - 8 files changed, 1330 deletions(-) Thanks a bunch Eras. All done! |