Merge dovecot from Debian Unstable for 22.04
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dovecot (Ubuntu) | Invalid | Medium | Bryce Harrington |
Bug Description
[NOTE: This is a POC bug for canonical-server merge planning/workflow changes]
Upstream: 2.3.16
Debian: 1:2.3.13+dfsg1-2
Ubuntu: 1:2.3.13+
Scheduled-For: 2022.02
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
* Import upstream fixes for security issues (Closes: #990566):
- CVE-2021-29157: Path traversal issue allowing an attacker with
access to the local filesystem can trick OAuth2 authentication into
using an HS256 validation key from an attacker-controlled location
- CVE-2021-33515: Sensitive information could be redirected to an
attacker-
bug in the submission service
-- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700
### Old Ubuntu Delta ###
dovecot (1:2.3.
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:46:46 -0400
dovecot (1:2.3.
* SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
- debian/
src/
src/
- CVE-2021-29157
* SECURITY UPDATE: plaintext command injection before STARTTLS
- debian/
src/
src/
- CVE-2021-33515
-- Marc Deslauriers <email address hidden> Wed, 16 Jun 2021 09:02:15 -0400
dovecot (1:2.3.
* Package references hidden symbols during an LTO link. This needs further
investigation. Until then, disable LTO.
-- Matthias Klose <email address hidden> Tue, 30 Mar 2021 17:23:55 +0200
dovecot (1:2.3.
* No change rebuild against clucene-core
-- Balint Reczey <email address hidden> Thu, 18 Feb 2021 18:19:47 +0100
### Newer Upstream Releases ###
https:/
https:/
https:/
Changed in dovecot (Ubuntu):
importance: Undecided → Medium
milestone: none → later
Changed in dovecot (Ubuntu):
assignee: nobody → Bryce Harrington (bryce)
summary:
- Merge dovecot from Debian for 22.04
+ Merge dovecot from Debian Unstable for 22.04
tags: added: needs-merge
Changed in dovecot (Ubuntu):
status: New → Invalid