CVE-2019-11500
Bug #1842007 reported by
Bryce Harrington
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dovecot (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
* SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
heap memory writes
- debian/
NULs in src/lib-
pigeonhol
make sure str_unescape won't be writing past allocated memory
in src/lib-
pieonhole
- CVE-2019-11500
information type: | Private Security → Public Security |
tags: | added: patch |
Changed in dovecot (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Changes LGTM, thanks for identifying them. Upload tag pushed, and package uploaded:
$ git push -f pkg upload/ 1%2.3.4. 1-5ubuntu3 launchpad. net/~usd- import- team/ubuntu/ +source/ dovecot ..dd6d659a5 upload/ 1%2.3.4. 1-5ubuntu3 -> upload/ 1%2.3.4. 1-5ubuntu3 (forced update)
Counting objects: 5, done.
Delta compression using up to 6 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 871 bytes | 217.00 KiB/s, done.
Total 5 (delta 3), reused 0 (delta 0)
To ssh://git.
+ 0cb9544bd.
$ dput ubuntu dovecot_ 2.3.4.1- 5ubuntu3_ source. changes ubuntu/ Dovecot/ sponsor. lp1842007/ dovecot_ 2.3.4.1- 5ubuntu3_ source. changes: Valid signature from E603B2578FB8F0FB ubuntu/ Dovecot/ sponsor. lp1842007/ dovecot_ 2.3.4.1- 5ubuntu3. dsc: Valid signature from E603B2578FB8F0FB 2.3.4.1- 5ubuntu3. dsc: done. 2.3.4.1- 5ubuntu3. debian. tar.xz: done. 2.3.4.1- 5ubuntu3_ source. buildinfo: done. 2.3.4.1- 5ubuntu3_ source. changes: done.
Checking signature on .changes
gpg: /home/bryce/
Checking signature on .dsc
gpg: /home/bryce/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading dovecot_
Uploading dovecot_
Uploading dovecot_
Uploading dovecot_
Successfully uploaded packages.