From 05538a2b6dae06b52a4533f94999286b4c89a916 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Wed, 6 Feb 2019 00:29:25 +0000
Subject: Wed Feb  6 00:29:25 UTC 2019

ap/linuxdoc-tools-0.9.73-x86_64-1.txz:  Upgraded.
  Upgraded to gtk-doc-1.29.
  Upgraded to asciidoc-8.6.10.
  Upgraded to perl-XML-SAX-1.00.
  Thanks to Stuart Winter.
d/meson-0.49.2-x86_64-1.txz:  Upgraded.
d/python-setuptools-40.8.0-x86_64-1.txz:  Upgraded.
d/slacktrack-2.19-x86_64-1.txz:  Upgraded.
  Thanks to Stuart Winter.
l/imagemagick-6.9.10_26-x86_64-1.txz:  Upgraded.
n/dovecot-2.3.4.1-x86_64-1.txz:  Upgraded.
  This update addresses security issues:
  CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
  certificate with missing username field (ssl_cert_username_field), under
  some configurations Dovecot mistakenly trusts the username provided via
  authentication instead of failing.
  ssl_cert_username_field setting was ignored with external SMTP AUTH,
  because none of the MTAs (Postfix, Exim) currently send the cert_username
  field. This may have allowed users with trusted certificate to specify any
  username in the authentication. This bug didn't affect Dovecot's
  Submission service.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
  (* Security fix *)
---
 ChangeLog.rss | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

(limited to 'ChangeLog.rss')

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 444d5e646..6dc47f8a5 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,43 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon,  4 Feb 2019 21:50:36 GMT</pubDate>
-      <lastBuildDate>Tue,  5 Feb 2019 07:59:41 GMT</lastBuildDate>
+      <pubDate>Wed,  6 Feb 2019 00:29:25 GMT</pubDate>
+      <lastBuildDate>Wed,  6 Feb 2019 07:59:39 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.10</generator>
+      <item>
+         <title>Wed,  6 Feb 2019 00:29:25 GMT</title>
+         <pubDate>Wed,  6 Feb 2019 00:29:25 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20190206002925</link>
+         <guid isPermaLink="false">20190206002925</guid>
+         <description>
+           <![CDATA[<pre>
+ap/linuxdoc-tools-0.9.73-x86_64-1.txz:  Upgraded.
+  Upgraded to gtk-doc-1.29.
+  Upgraded to asciidoc-8.6.10.
+  Upgraded to perl-XML-SAX-1.00.
+  Thanks to Stuart Winter.
+d/meson-0.49.2-x86_64-1.txz:  Upgraded.
+d/python-setuptools-40.8.0-x86_64-1.txz:  Upgraded.
+d/slacktrack-2.19-x86_64-1.txz:  Upgraded.
+  Thanks to Stuart Winter.
+l/imagemagick-6.9.10_26-x86_64-1.txz:  Upgraded.
+n/dovecot-2.3.4.1-x86_64-1.txz:  Upgraded.
+  This update addresses security issues:
+  CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
+  certificate with missing username field (ssl_cert_username_field), under
+  some configurations Dovecot mistakenly trusts the username provided via
+  authentication instead of failing.
+  ssl_cert_username_field setting was ignored with external SMTP AUTH,
+  because none of the MTAs (Postfix, Exim) currently send the cert_username
+  field. This may have allowed users with trusted certificate to specify any
+  username in the authentication. This bug didn't affect Dovecot's
+  Submission service.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Mon,  4 Feb 2019 21:50:36 GMT</title>
          <pubDate>Mon,  4 Feb 2019 21:50:36 GMT</pubDate>
-- 
cgit v1.2.3