On 7/1/21 3:59 PM, @lbutlr wrote:
On 01 Jul 2021, at 16:45, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
On Thu, Jul 01, 2021 at 04:21:31PM -0600, @lbutlr wrote:
The current version of dovecot is 2.3.15. The newest ports version is 2.3.13_1
dovecot-2.3.13_1 is vulnerable:
dovecot -- multiple vulnerabilities
CVE: CVE-2021-33515
CVE: CVE-2021-29157
WWW:
https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.html
dovecot-pigeonhole-0.5.13 is vulnerable:
dovecot-pigeonhole -- Sieve excessive resource usage
CVE: CVE-2020-28200
WWW:
https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.html
These CVEs were addressed in 2.3.14.1.
Any idea what the delay is?
Where is the person responsible for the ports?
No idea. Some people have emailed and received no reply.
looks like this is actively being worked on?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256860
-pete
--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA
