Comment 1 for bug 1951325

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.3.16+dfsg1-3ubuntu1

---------------
dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium

  [ Bryce Harrington ]
  * Merge with Debian unstable. (LP: #1946855)
    Remaining changes:
    - Package references hidden symbols during an LTO link. This needs further
      investigation. Until then, disable LTO.
  * Dropped:
    - SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
      + debian/patches/CVE-2021-29157.patch: improve escaping in
        src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
        src/lib-oauth2/test-oauth2-jwt.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
    - SECURITY UPDATE: plaintext command injection before STARTTLS
      + debian/patches/CVE-2021-33515.patch: properly handle command queue in
        src/lib-smtp/smtp-server-cmd-starttls.c,
        src/lib-smtp/smtp-server-connection.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
  * d/rules: Disable Debian's recent enablement of LTO as well, as it
    FTBFS when building with gcc 11.
    (LP: #1951325)

  [ Simon Chopin ]
  * d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
    with OpenSSL 3.0.
    (LP: #1945763)

 -- Bryce Harrington <email address hidden> Wed, 17 Nov 2021 13:46:08 -0800