[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add commits for CVE-2017-15130/dovecot

Salvatore Bonaccorso carnil at debian.org
Thu Mar 1 06:41:08 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce4c20f5 by Salvatore Bonaccorso at 2018-03-01T07:40:48+01:00
Add commits for CVE-2017-15130/dovecot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26159,10 +26159,16 @@ CVE-2017-15131 (It was found that system umask policy is not being honored when 
 	NOTE: sessions.
 	NOTE: Enforcements can be achieved e.g. by using pam_umask.
 	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
-CVE-2017-15130
+CVE-2017-15130 [TLS SNI config lookups are inefficient and can be used for DoS]
 	RESERVED
 	- dovecot <unfixed>
 	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
+	NOTE: https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
+	NOTE: https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
+	NOTE: https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
+	NOTE: https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
+	NOTE: https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
+	NOTE: https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
 	- linux 4.14.12-1
 	[stretch] - linux 4.9.80-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce4c20f57f8e38ec305b87b8fdab822303918672

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce4c20f57f8e38ec305b87b8fdab822303918672
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180301/4a580ef2/attachment.html>

More information about the Secure-testing-commits mailing list