Created attachment 232023 [details] update cyrus-sasl2 to 2.1.28 Update cyrus-sasl2* to 2.1.28.
^Triage: Security and bugfix release, incl: lib/common.c: CVE-2019-19906 Fix off by one error (#587) plugins/sql.c: CVE-2022-24407 Escape password for SQL insert/update commands.
Exp-run looks fine
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=d29e6c03261c9cf685efd70824f085f2e422bdcc commit d29e6c03261c9cf685efd70824f085f2e422bdcc Author: Hajimu UMEMOTO <ume@FreeBSD.org> AuthorDate: 2022-02-28 12:23:47 +0000 Commit: Hajimu UMEMOTO <ume@FreeBSD.org> CommitDate: 2022-02-28 12:29:36 +0000 security/cyrus-sasl2: Update to 2.1.28. PR: 262133 Relnotes: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 Security: CVE-2019-19906, CVE-2022-24407 security/cyrus-sasl2-gssapi/Makefile | 1 - security/cyrus-sasl2-saslauthd/Makefile | 1 - security/cyrus-sasl2-saslauthd/pkg-plist | 1 + security/cyrus-sasl2-sql/Makefile | 1 - security/cyrus-sasl2/Makefile | 4 +- security/cyrus-sasl2/Makefile.common | 2 +- security/cyrus-sasl2/distinfo | 6 +- .../cyrus-sasl2/files/patch-plugins__sql.c (gone) | 66 ---------------------- .../files/patch-saslauthd__Makefile.in (gone) | 13 ----- 9 files changed, 6 insertions(+), 89 deletions(-)
A commit in branch 2022Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=bc5bbc834298deb23b866b7c450c6dc17a6d0e47 commit bc5bbc834298deb23b866b7c450c6dc17a6d0e47 Author: Hajimu UMEMOTO <ume@FreeBSD.org> AuthorDate: 2022-02-28 12:23:47 +0000 Commit: Hajimu UMEMOTO <ume@FreeBSD.org> CommitDate: 2022-02-28 12:32:07 +0000 security/cyrus-sasl2: Update to 2.1.28. PR: 262133 Relnotes: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 Security: CVE-2019-19906, CVE-2022-24407 (cherry picked from commit d29e6c03261c9cf685efd70824f085f2e422bdcc) security/cyrus-sasl2-gssapi/Makefile | 1 - security/cyrus-sasl2-saslauthd/Makefile | 1 - security/cyrus-sasl2-saslauthd/pkg-plist | 1 + security/cyrus-sasl2-sql/Makefile | 1 - security/cyrus-sasl2/Makefile | 4 +- security/cyrus-sasl2/Makefile.common | 2 +- security/cyrus-sasl2/distinfo | 6 +- .../cyrus-sasl2/files/patch-plugins__sql.c (gone) | 66 ---------------------- .../files/patch-saslauthd__Makefile.in (gone) | 13 ----- 9 files changed, 6 insertions(+), 89 deletions(-)