Sicherheit: Mangelnde Eingabeprüfung in isync

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-954ebabcf7
2021-03-03 23:24:23.985910
-------------------------------------------------------------------------------
-

Name : isync
Product : Fedora 32
Version : 1.4.1
Release : 1.fc32
URL : http://isync.sourceforge.net/
Summary : Tool to synchronize IMAP4 and Maildir mailboxes
Description :
mbsync is a command line application which synchronizes mailboxes. Currently
Maildir and IMAP4 mailboxes are supported. New messages, message deletions
and flag changes can be propagated both ways. mbsync is suitable for use in
IMAP-disconnected mode.

-------------------------------------------------------------------------------
-
Update Information:

Update to latest upstream release 1.4.1 (#1931574)
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Feb 22 2021 Fabian Affolter <mail@fabian-affolter.ch> - 1.4.1-1
- Update to latest upstream release 1.4.1 (#1931574)
- Fix CVE-2021-20247 (#1931597, #1931598)
* Thu Feb 4 2021 Fabian Affolter <mail@fabian-affolter.ch> - 1.4.0-1
- Update to latest upstream release 1.4.0 (#1924724)
* Wed Feb 3 2021 Fabian Affolter <mail@fabian-affolter.ch> - 1.3.4-1
- Update to latest upstream release 1.3.4 (#1924724)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> -
1.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Aug 6 2020 Fabian Affolter <mail@fabian-affolter.ch> - 1.3.3-1
- Update to latest upstream release 1.3.3 (#1865992)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> -
1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 10 2020 Fabian Affolter <mail@fabian-affolter.ch> - 1.3.2-1
- Update to latest upstream release 1.3.2 (#1854842)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1931574 - isync-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1931574
[ 2 ] Bug #1931597 - CVE-2021-20247 isync: isync/mbsync: mailbox names
returned by IMAP LIST/LSUB not validated [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1931597
[ 3 ] Bug #1931598 - CVE-2021-20247 isync: isync/mbsync: mailbox names
returned by IMAP LIST/LSUB not validated [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1931598
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-954ebabcf7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure