diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2021-01-04 17:35:06 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2021-01-04 17:37:32 +0100 |
commit | 58c7d3ff17a6e39110702acd69b81f12fab4c029 (patch) | |
tree | 05d76873d6711a65a5bd3c7e1d571437e2ee59f1 | |
parent | 4445bb7284f43feb2f3253d8fb1964f901df5ba1 (diff) |
dovecot: 2.3.11.3 -> 2.3.13
This fixes CVE_2020-24386, CVE-2020-25725 and a bunch of regular bugs [1]. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * CVE-2020-25275: Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100. [1] https://raw.githubusercontent.com/dovecot/core/2.3.13/NEWS
-rw-r--r-- | pkgs/servers/mail/dovecot/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix index 1a11e065d938d..3e566f8aa5f73 100644 --- a/pkgs/servers/mail/dovecot/default.nix +++ b/pkgs/servers/mail/dovecot/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { pname = "dovecot"; - version = "2.3.11.3"; + version = "2.3.13"; nativeBuildInputs = [ perl pkgconfig ]; buildInputs = @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://dovecot.org/releases/2.3/${pname}-${version}.tar.gz"; - sha256 = "1p5gp8jbavcsaara5mfn5cbrnlxssajnchczbgmmfzr7228fmnfk"; + sha256 = "1i7ijss79a23v7b6lycfzaa8r5rh01k0h0b9h0j4a6n11sw7by53"; }; enableParallelBuilding = true; |