Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#12005 closed enhancement (fixed)

dovecot-2.3.6

Reported by: Bruce Dubbs Owned by: Tim Tassonis
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Tim Tassonis)

New point version.

Change History (3)

comment:1 by Tim Tassonis, 2 years ago

Description: modified (diff)
Owner: changed from blfs-book to Tim Tassonis
Status: newassigned
Summary: dovecot-2.3.5dovecot-2.3.6

Changes


  • CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting.
  • CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent.
  • auth: Support password grant with passdb oauth2.

+ Use system default CAs for outbound TLS connections. + Simplify array handling with new helper macros. + fts_solr: Enable configuring batch_size and soft_commit features.

  • lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server.
  • lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client.
  • lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used.
  • fts_solr: Plugin was no longer compatible with Solr 7.
  • Make it possible to disable certificate checking without setting ssl_client_ca_* settings.
  • pop3c: SSL support was broken.
  • mysql: Closing connection twice lead to crash on some systems.
  • auth: Multiple oauth2 passdbs crashed auth process on deinit.
  • HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance.

comment:2 by Tim Tassonis, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed in revision 21531.

comment:3 by Bruce Dubbs, 2 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.