diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-02-06 00:29:25 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-02-06 08:59:42 +0100 |
| commit | 05538a2b6dae06b52a4533f94999286b4c89a916 (patch) | |
| tree | 3d459fe6cf48cbda01f31597eaf1ccd8a8ca4678 /ChangeLog.rss | |
| parent | d2c74e4a2e54d27d10eded3c422abf233dafdab8 (diff) | |
| download | current-05538a2b6dae06b52a4533f94999286b4c89a916.tar.gz current-05538a2b6dae06b52a4533f94999286b4c89a916.tar.xz | |
Wed Feb 6 00:29:25 UTC 201920190206002925
ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded.
Upgraded to gtk-doc-1.29.
Upgraded to asciidoc-8.6.10.
Upgraded to perl-XML-SAX-1.00.
Thanks to Stuart Winter.
d/meson-0.49.2-x86_64-1.txz: Upgraded.
d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded.
d/slacktrack-2.19-x86_64-1.txz: Upgraded.
Thanks to Stuart Winter.
l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded.
n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded.
This update addresses security issues:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the cert_username
field. This may have allowed users with trusted certificate to specify any
username in the authentication. This bug didn't affect Dovecot's
Submission service.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
(* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 444d5e646..6dc47f8a5 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,44 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Mon, 4 Feb 2019 21:50:36 GMT</pubDate> - <lastBuildDate>Tue, 5 Feb 2019 07:59:41 GMT</lastBuildDate> + <pubDate>Wed, 6 Feb 2019 00:29:25 GMT</pubDate> + <lastBuildDate>Wed, 6 Feb 2019 07:59:39 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.10</generator> <item> + <title>Wed, 6 Feb 2019 00:29:25 GMT</title> + <pubDate>Wed, 6 Feb 2019 00:29:25 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20190206002925</link> + <guid isPermaLink="false">20190206002925</guid> + <description> + <![CDATA[<pre> +ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded. + Upgraded to gtk-doc-1.29. + Upgraded to asciidoc-8.6.10. + Upgraded to perl-XML-SAX-1.00. + Thanks to Stuart Winter. +d/meson-0.49.2-x86_64-1.txz: Upgraded. +d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded. +d/slacktrack-2.19-x86_64-1.txz: Upgraded. + Thanks to Stuart Winter. +l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded. +n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded. + This update addresses security issues: + CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted + certificate with missing username field (ssl_cert_username_field), under + some configurations Dovecot mistakenly trusts the username provided via + authentication instead of failing. + ssl_cert_username_field setting was ignored with external SMTP AUTH, + because none of the MTAs (Postfix, Exim) currently send the cert_username + field. This may have allowed users with trusted certificate to specify any + username in the authentication. This bug didn't affect Dovecot's + Submission service. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Mon, 4 Feb 2019 21:50:36 GMT</title> <pubDate>Mon, 4 Feb 2019 21:50:36 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20190204215036</link> |