mirror of
https://git.freebsd.org/ports.git
synced 2025-06-01 10:56:27 -04:00
72dd8d2ee6
- CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. - CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. - oauth2: Dovecot would send client_id and client_secret as POST parameters to introspection server. These need to be optionally in Basic auth instead as required by OIDC specification. - oauth2: JWT key type check was too strict. - oauth2: JWT token audience was not validated against client_id as required by OIDC specification. - oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol specific error message on all errors. This broke OIDC discovery. - oauth2: JWT aud validation was not performed if aud was missing from token, but was configured on Dovecot. https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/ PR: 280866 Approved by: ler (maintainer) MFH: 2024Q3
3 lines
164 B
Text
3 lines
164 B
Text
TIMESTAMP = 1723829732
|
|
SHA256 (dovecot-2.3.21.1.tar.gz) = 2d90a178c4297611088bf7daae5492a3bc3d5ab6328c3a032eb425d2c249097e
|
|
SIZE (dovecot-2.3.21.1.tar.gz) = 7842044
|