This is an old revision of the document!
Slackware64-current ChangeLog (2019-02-06)
Wed Feb 6 00:29:25 UTC 2019
Packages
Upgraded
- ap/linuxdoc-tools-0.9.73-x86_64-1.txz
Upgraded to gtk-doc-1.29.
Upgraded to asciidoc-8.6.10.
Upgraded to perl-XML-SAX-1.00.
Thanks to Stuart Winter. - d/slacktrack-2.19-x86_64-1.txz
Thanks to Stuart Winter. - n/dovecot-2.3.4.1-x86_64-1.txz
This update addresses security issues:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the cert_username
field. This may have allowed users with trusted certificate to specify any
username in the authentication. This bug didn't affect Dovecot's
Submission service.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
(* Security fix *)