Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-04-19 18:38:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dovecot23" Fri Apr 19 18:38:42 2019 rev:17 rq:695556 version:2.3.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-04-04 15:27:27.338899173 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot23.changes 2019-04-19 18:38:46.763214914 +0200 @@ -1,0 +2,11 @@ +Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> + +- update to 2.3.5.2 (boo#1132501) + * CVE-2019-10691: Trying to login with 8bit username containing + invalid UTF8 input causes auth process to crash if auth policy + is enabled. This could be used rather easily to cause a DoS. + Similar crash also happens during mail delivery when using + invalid UTF8 in From or Subject header when OX push + notification driver is used. + +------------------------------------------------------------------- @@ -4 +15 @@ -- update to 2.3.5.1 +- update to 2.3.5.1 (boo#1130116) Old: ---- dovecot-2.3.5.1.tar.gz dovecot-2.3.5.1.tar.gz.sig New: ---- dovecot-2.3.5.2.tar.gz dovecot-2.3.5.2.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.UN8HQh/_old 2019-04-19 18:38:48.667217332 +0200 +++ /var/tmp/diff_new_pack.UN8HQh/_new 2019-04-19 18:38:48.671217337 +0200 
@@ -17,10 +17,10 @@ Name: dovecot23 -Version: 2.3.5.1 +Version: 2.3.5.2 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.5.1 +%define dovecot_version 2.3.5.2 %define dovecot_pigeonhole_version 0.5.5 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++++++ dovecot-2.3.5.1.tar.gz -> dovecot-2.3.5.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.5.1.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot-2.3.5.2.tar.gz differ: char 5, line 1
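Review bot: In the first dovecot23.changes hunk, the single CVE-2019-10691 bullet covers two separate crash paths: the auth process crash on login when auth policy is enabled, and the crash during mail delivery when the OX push notification driver is used. Splitting these into two sub-bullets would let an administrator see at a glance which configuration is exposed through which path. The text also writes "UTF8" where "UTF-8" is the usual spelling.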
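Review bot: In the dovecot23.spec hunk the release number is maintained in two places, `Version: 2.3.5.2` and `%define dovecot_version 2.3.5.2`, and both have to be edited by hand on every update. A security bump that changes only one of them would leave the package version and the macro out of step, so consider deriving one from the other, for example `%define dovecot_version %{version}`, so that there is a single value to change.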