Resolved Bugs
1216057 – CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process.
1216059 – CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process. [fedora-all]<br
fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
– dovecot updated to 2.2.16
– auth: Don’t crash if master user login is attempted without
any configured master=yes passdbs
– Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
– String sanitization for some logged output wasn’t done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
– fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
– dovecot updated to 2.2.16
– auth: Don’t crash if master user login is attempted without
any configured master=yes passdbs
– Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
– String sanitization for some logged output wasn’t done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
– fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.