Name: | dovecot |
---|---|
Epoch: | 1 |
Version: | 2.3.16 |
Release: | 2.el8 |
Architecture: | aarch64 |
Group: | System Environment/Daemons |
Size: | 21571648 |
License: | MIT and LGPLv2 |
RPM: | dovecot-2.3.16-2.el8.aarch64.rpm |
Source RPM: | dovecot-2.3.16-2.el8.src.rpm |
Build Date: | Mon Apr 04 2022 |
Build Host: | build-ol8-aarch64.oracle.com |
Vendor: | Oracle America |
URL: | http://www.dovecot.org/ |
Summary: | Secure imap and pop3 server |
Description: | Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. |
- do not disable xz/lzma for now despite being deprecated
- dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fix CVE-2021-33515 plaintext commands injection (#1980014)
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534)
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019)
- change run directory from /var/run to /run (#1805947)
- fix mail storage block count parsing (#1894418) - MIME parser crashed when boundaries were wrong (#1888111)
- multilib compatibility (#1853137)
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354) - fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines leads to use-after-free (#1840357) - fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart leads to DoS (#1840356)
- fix default attributes for ghost files