6 updates. Including a (* Security fix *)!

  • 6 updates. Including a (* Security fix *)!

    Slackware Chanagelog/Security wrote:

    Wed Feb 6 00:29:25 UTC 2019
    ap/linuxdoc-tools-0.9.73-i586-1.txz: Upgraded.
    Upgraded to gtk-doc-1.29.
    Upgraded to asciidoc-8.6.10.
    Upgraded to perl-XML-SAX-1.00.
    Thanks to Stuart Winter.
    d/meson-0.49.2-i586-1.txz: Upgraded.
    d/python-setuptools-40.8.0-i586-1.txz: Upgraded.
    d/slacktrack-2.19-i586-1.txz: Upgraded.
    Thanks to Stuart Winter.
    l/imagemagick-6.9.10_26-i586-1.txz: Upgraded.
    n/dovecot-2.3.4.1-i586-1.txz: Upgraded.
    This update addresses security issues:
    CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
    certificate with missing username field (ssl_cert_username_field), under
    some configurations Dovecot mistakenly trusts the username provided via
    authentication instead of failing.
    ssl_cert_username_field setting was ignored with external SMTP AUTH,
    because none of the MTAs (Postfix, Exim) currently send the cert_username
    field. This may have allowed users with trusted certificate to specify any
    username in the authentication. This bug didn't affect Dovecot's
    Submission service.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
    (* Security fix *)
    Source: mirrors.slackware.com/slackwar…src=feeds&time=1549412965