From c5f9b065f6cc2c5b1978b7e30db55f3c241446af Mon Sep 17 00:00:00 2001 From: "andre.peters" Date: Thu, 1 Feb 2018 22:27:48 +0100 Subject: [PATCH] [Dovecot] Fixes CVE-2017-15132 --- data/Dockerfiles/dovecot/Dockerfile | 1 + docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile index 10604748..aec56676 100644 --- a/data/Dockerfiles/dovecot/Dockerfile +++ b/data/Dockerfiles/dovecot/Dockerfile @@ -65,6 +65,7 @@ RUN apt-get update && apt-get -y --no-install-recommends install \ RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz \ && cd dovecot-$DOVECOT_VERSION \ + && sed '/call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);/a pool_unref(&request->pool);' src/lib-auth/auth-client-request.c \ && ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \ && make -j3 \ && make install \ diff --git a/docker-compose.yml b/docker-compose.yml index 69624805..dfa5cba7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -163,7 +163,7 @@ services: - sogo dovecot-mailcow: - image: mailcow/dovecot:1.18 + image: mailcow/dovecot:1.19 build: ./data/Dockerfiles/dovecot cap_add: - NET_BIND_SERVICE