dovecot: 2.3.11.3 -> 2.3.13

This fixes CVE_2020-24386, CVE-2020-25725 and a bunch of regular bugs [1]. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * CVE-2020-25275: Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100. [1] https://raw.githubusercontent.com/dovecot/core/2.3.13/NEWS
author: Andreas Rammhold <andreas@rammhold.de> 2021-01-04 17:35:06 +0100
committer: Andreas Rammhold <andreas@rammhold.de> 2021-01-04 17:37:32 +0100
commit: 58c7d3ff17a6e39110702acd69b81f12fab4c029 (patch)
tree: 05d76873d6711a65a5bd3c7e1d571437e2ee59f1
parent: 4445bb7284f43feb2f3253d8fb1964f901df5ba1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix
index 1a11e065d938d..3e566f8aa5f73 100644
--- a/pkgs/servers/mail/dovecot/default.nix
+++ b/pkgs/servers/mail/dovecot/default.nix
@@ -10,7 +10,7 @@
 
 stdenv.mkDerivation rec {
   pname = "dovecot";
-  version = "2.3.11.3";
+  version = "2.3.13";
 
   nativeBuildInputs = [ perl pkgconfig ];
   buildInputs =
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://dovecot.org/releases/2.3/${pname}-${version}.tar.gz";
-    sha256 = "1p5gp8jbavcsaara5mfn5cbrnlxssajnchczbgmmfzr7228fmnfk";
+    sha256 = "1i7ijss79a23v7b6lycfzaa8r5rh01k0h0b9h0j4a6n11sw7by53";
   };
 
   enableParallelBuilding = true;
author	Andreas Rammhold <andreas@rammhold.de>	2021-01-04 17:35:06 +0100
committer	Andreas Rammhold <andreas@rammhold.de>	2021-01-04 17:37:32 +0100
commit	58c7d3ff17a6e39110702acd69b81f12fab4c029 (patch)
tree	05d76873d6711a65a5bd3c7e1d571437e2ee59f1
parent	4445bb7284f43feb2f3253d8fb1964f901df5ba1 (diff)