CVE-2019-11500
Bug #1842007 reported by
Bryce Harrington
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dovecot (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
* SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
heap memory writes
- debian/
NULs in src/lib-
pigeonhol
make sure str_unescape won't be writing past allocated memory
in src/lib-
pieonhole
- CVE-2019-11500
Revision history for this message
| Bryce Harrington (bryce) wrote | #1 |
| Changed in dovecot (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Triaged |
Revision history for this message
| Bryce Harrington (bryce) wrote | #2 |
| Changed in dovecot (Ubuntu): | |
| status: | Triaged → Fix Committed |
| information type: | Private Security → Public Security |
| tags: | added: patch |
| Changed in dovecot (Ubuntu): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Changes LGTM, thanks for identifying them. Upload tag pushed, and package uploaded:
$ git push -f pkg upload/
Counting objects: 5, done.
Delta compression using up to 6 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 871 bytes | 217.00 KiB/s, done.
Total 5 (delta 3), reused 0 (delta 0)
To ssh://git.
+ 0cb9544bd.
$ dput ubuntu dovecot_
Checking signature on .changes
gpg: /home/bryce/
Checking signature on .dsc
gpg: /home/bryce/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading dovecot_
Uploading dovecot_
Uploading dovecot_
Uploading dovecot_
Successfully uploaded packages.