ChangeLog for: 2021-06-21 19:26:35
kde/kid3-3.8.7-x86_64-1.txz: Upgraded.
l/openexr-2.5.7-x86_64-1.txz: Upgraded.
n/dovecot-2.3.15-x86_64-1.txz: Upgraded.
This update fixes security issues:
Dovecot did not correctly escape kid and azp fields in JWT tokens. This may
be used to supply attacker controlled keys to validate tokens, if attacker
has local access.
On-path attacker could have injected plaintext commands before STARTTLS
negotiation that would be executed after STARTTLS finished with the client.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33515
(* Security fix *)
x/libva-2.12.0-x86_64-1.txz: Upgraded.