Re: Dovecot

Reply: Pete Wright via ports : "Re: Dovecot"
Reply: Kevin Oberman : "Re: Dovecot"
In reply to: The Doctor : "Re: Dovecot"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: @lbutlr <kremels_at_kreme.com>
Date: Thu, 01 Jul 2021 22:59:53 UTC

On 01 Jul 2021, at 16:45, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> On Thu, Jul 01, 2021 at 04:21:31PM -0600, @lbutlr wrote:
>> The current version of dovecot is 2.3.15. The newest ports version is 2.3.13_1 
>> 
>> dovecot-2.3.13_1 is vulnerable:
>>  dovecot -- multiple vulnerabilities
>>  CVE: CVE-2021-33515
>>  CVE: CVE-2021-29157
>>  WWW: https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.html
>> 
>> dovecot-pigeonhole-0.5.13 is vulnerable:
>>  dovecot-pigeonhole -- Sieve excessive resource usage
>>  CVE: CVE-2020-28200
>>  WWW: https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.html
>> 
>> These CVEs were addressed in 2.3.14.1.
>> 
>> Any idea what the delay is?
> 
> Where is the person responsible for the ports?

No idea. Some people have emailed and received no reply.


-- 
Bowling scores are way up, minigolf scores are way down, and we have
	more excellent waterslides than any other planet we communicate
	with