From 8d7569cdedb2031ccb0d6a55453bf687e6d69b51 Mon Sep 17 00:00:00 2001 From: Larry Rosenman Date: Thu, 18 Apr 2019 15:22:06 +0000 Subject: [PATCH] mail/dovecot: upgrade to 2.3.5.2 * CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used. MFH: 2019Q2 Security: CVE-2019-10691 --- mail/dovecot/Makefile | 2 +- mail/dovecot/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index 68773f3b5b2f..5d60af5e64d0 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -7,7 +7,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.5.1 +PORTVERSION= 2.3.5.2 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.3/ diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo index 21e2015c389e..677ab7ad45ef 100644 --- a/mail/dovecot/distinfo +++ b/mail/dovecot/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1553773734 -SHA256 (dovecot-2.3.5.1.tar.gz) = d78f9d479e3b2caa808160f86bfec1c9c7b46344d8b14b88f5fa9bbbf8c7c33f -SIZE (dovecot-2.3.5.1.tar.gz) = 6953150 +TIMESTAMP = 1555598613 +SHA256 (dovecot-2.3.5.2.tar.gz) = ba14e41aefd81a868a35b83bcb54194116106424d37690519b50ea83c0f31bf2 +SIZE (dovecot-2.3.5.2.tar.gz) = 6953228