dovecot: 2.3.11.3 -> 2.3.13

This fixes CVE-2020-24386, CVE-2020-25275 and a bunch of regular bugs
[1].

* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
  allow logged in user to access other people's emails and filesystem
  information.

* CVE-2020-25275: Mail delivery / parsing crashed when the 10 000th MIME part was
  message/rfc822 (or if parent was multipart/digest). This happened
  due to earlier MIME parsing changes for CVE-2020-12100.

[1] https://raw.githubusercontent.com/dovecot/core/2.3.13/NEWS
Andreas Rammhold 2021-01-04 17:35:06 +01:00
parent 4445bb7284
commit 58c7d3ff17
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86

@ -10,7 +10,7 @@
stdenv.mkDerivation rec {
pname = "dovecot";
version = "2.3.11.3";
version = "2.3.13";
nativeBuildInputs = [ perl pkgconfig ];
buildInputs =
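Review bot: the `version` line moves from 2.3.11.3 straight to 2.3.13, so this picks up more than the two CVE fixes, and the commit message covers the rest only as "a bunch of regular bugs" with a link to NEWS. Since this is a security update that is likely to be backported, please state in the description whether any of the intervening changes alter defaults or configuration that users of the package would notice, so the backport can be judged without rereading the upstream changelog.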
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dovecot.org/releases/2.3/${pname}-${version}.tar.gz";
sha256 = "1p5gp8jbavcsaara5mfn5cbrnlxssajnchczbgmmfzr7228fmnfk";
sha256 = "1i7ijss79a23v7b6lycfzaa8r5rh01k0h0b9h0j4a6n11sw7by53";
};
enableParallelBuilding = true;
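Review bot: the new `sha256` is the only integrity pin for the tarball fetched from `https://dovecot.org/releases/2.3/${pname}-${version}.tar.gz`, and nothing in the commit records how it was obtained. Please note in the description that the hash was computed from a fresh download of the 2.3.13 tarball and, if upstream publishes a release signature, that the tarball was checked against it before the hash was taken, so the pin reflects a verified artifact rather than whatever was served at fetch time.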