summaryrefslogtreecommitdiff
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt26
1 files changed, 26 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5cb5c7f7..6c342148 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,29 @@
+Wed Feb 6 00:29:25 UTC 2019
+ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded.
+ Upgraded to gtk-doc-1.29.
+ Upgraded to asciidoc-8.6.10.
+ Upgraded to perl-XML-SAX-1.00.
+ Thanks to Stuart Winter.
+d/meson-0.49.2-x86_64-1.txz: Upgraded.
+d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded.
+d/slacktrack-2.19-x86_64-1.txz: Upgraded.
+ Thanks to Stuart Winter.
+l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded.
+n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded.
+ This update addresses security issues:
+ CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
+ certificate with missing username field (ssl_cert_username_field), under
+ some configurations Dovecot mistakenly trusts the username provided via
+ authentication instead of failing.
+ ssl_cert_username_field setting was ignored with external SMTP AUTH,
+ because none of the MTAs (Postfix, Exim) currently send the cert_username
+ field. This may have allowed users with trusted certificate to specify any
+ username in the authentication. This bug didn't affect Dovecot's
+ Submission service.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
+ (* Security fix *)
++--------------------------+
Mon Feb 4 21:50:36 UTC 2019
ap/zsh-5.7.1-x86_64-1.txz: Upgraded.
d/python-setuptools-40.7.3-x86_64-1.txz: Upgraded.