From 05538a2b6dae06b52a4533f94999286b4c89a916 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 6 Feb 2019 00:29:25 +0000 Subject: Wed Feb 6 00:29:25 UTC 2019 ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded. Upgraded to gtk-doc-1.29. Upgraded to asciidoc-8.6.10. Upgraded to perl-XML-SAX-1.00. Thanks to Stuart Winter. d/meson-0.49.2-x86_64-1.txz: Upgraded. d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded. d/slacktrack-2.19-x86_64-1.txz: Upgraded. Thanks to Stuart Winter. l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded. n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded. This update addresses security issues: CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814 (* Security fix *) --- source/n/dovecot/dovecot.SlackBuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source/n/dovecot') diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild index 3c1eac591..5e9b7a5c8 100755 --- a/source/n/dovecot/dovecot.SlackBuild +++ b/source/n/dovecot/dovecot.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=dovecot VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} if [ -z "$ARCH" ]; then case "$( uname -m )" in -- cgit v1.2.3