dovecot 1:2.3.16+dfsg1-3ubuntu2.4 source package in Ubuntu
Changelog
dovecot (1:2.3.16+dfsg1-3ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: Having a large number of address headers (From, To,
Cc, Bcc, etc.) becomes excessively CPU intensive
- debian/patches/CVE-2024-23184-1.patch: fix dllist2 test name in
src/lib/test-llist.c.
- debian/patches/CVE-2024-23184-2.patch: add DLLIST2_JOIN() in
src/lib/llist.h, src/lib/test-llist.c.
- debian/patches/CVE-2024-23184-3.patch: use test_assert_idx() where
possible in src/lib-imap/test-imap-envelope.c.
- debian/patches/CVE-2024-23184-4.patch: change message_address to be
doubly linked list in src/lib-imap/imap-envelope.c,
src/lib-mail/message-address.c, src/lib-mail/message-address.h,
src/lib-mail/test-message-address.c.
- debian/patches/CVE-2024-23184-5.patch: add
message_address_parse_full() and struct message_address_list in
src/lib-mail/message-address.c, src/lib-mail/message-address.h,
src/lib-mail/test-message-address.c.
- debian/patches/CVE-2024-23184-6.patch: optimize parsing large number
of address headers in src/lib-imap/imap-envelope.c,
src/lib-mail/message-part-data.c, src/lib-mail/message-part-data.h,
src/lib-storage/index/index-search-mime.c.
- CVE-2024-23184
* SECURITY UPDATE: Very large headers can cause resource exhaustion when
parsing message
- debian/patches/CVE-2024-23185-1.patch: limit header block to 10MB by
default in src/lib-mail/message-header-parser.c,
src/lib-mail/message-header-parser.h,
src/lib-mail/test-message-header-parser.c.
- debian/patches/CVE-2024-23185-2.patch: limit headers total count to
50MB by default in src/lib-mail/message-parser-private.h,
src/lib-mail/message-parser.c, src/lib-mail/message-parser.h,
src/lib-mail/test-message-parser.c.
- CVE-2024-23185
* Note: This package does _not_ contain the changes from
1:2.3.16+dfsg1-3ubuntu2.3 in jammy-proposed.
-- Marc Deslauriers <email address hidden> Wed, 11 Sep 2024 07:54:46 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | main | ||
| Jammy | security | main |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz | 1.6 MiB | 0438a36c7aef41a9d12df1f2ca792ed5d18df3e23bc241e5a0f762cf4456eb6e |
| dovecot_2.3.16+dfsg1.orig.tar.gz | 7.3 MiB | 03a71d53055bd9ec528d55e07afaf15c09dec9856cba734904bfd05acbc6cf12 |
| dovecot_2.3.16+dfsg1-3ubuntu2.4.debian.tar.xz | 82.9 KiB | 93ab3ab2d461ec7e54fe367e6df876ca6989396fad84c0d7c9006a0199370ca8 |
| dovecot_2.3.16+dfsg1-3ubuntu2.4.dsc | 3.8 KiB | a399cc9c4a415513fe7fda4621d6bc7d057fa3420b144b9e348ee6494d1da853 |
Available diffs
Binary packages built by this source
- dovecot-auth-lua: secure POP3/IMAP server - Lua authentication plugin
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains an authentication plugin allowing password and user
databases to be implemented in Lua.
- dovecot-auth-lua-dbgsym: debug symbols for dovecot-auth-lua
- dovecot-core: secure POP3/IMAP server - core files
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot main server and its command line utility.
- dovecot-core-dbgsym: debug symbols for dovecot-core
- dovecot-dev: secure POP3/IMAP server - header files
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains header files needed to compile plugins for the Dovecot
mail server.
- dovecot-gssapi: secure POP3/IMAP server - GSSAPI support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides GSSAPI authentication support for Dovecot.
- dovecot-gssapi-dbgsym: debug symbols for dovecot-gssapi
- dovecot-imapd: secure POP3/IMAP server - IMAP daemon
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot IMAP server.
- dovecot-imapd-dbgsym: debug symbols for dovecot-imapd
- dovecot-ldap: secure POP3/IMAP server - LDAP support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides LDAP support for Dovecot.
- dovecot-ldap-dbgsym: debug symbols for dovecot-ldap
- dovecot-lmtpd: secure POP3/IMAP server - LMTP server
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot LMTP server.
- dovecot-lmtpd-dbgsym: debug symbols for dovecot-lmtpd
- dovecot-lucene: secure POP3/IMAP server - Lucene support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides Lucene full text search support for Dovecot.
- dovecot-lucene-dbgsym: debug symbols for dovecot-lucene
- dovecot-managesieved: secure POP3/IMAP server - ManageSieve server
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot ManageSieve server.
- dovecot-managesieved-dbgsym: debug symbols for dovecot-managesieved
- dovecot-mysql: secure POP3/IMAP server - MySQL support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides MySQL support for Dovecot.
- dovecot-mysql-dbgsym: debug symbols for dovecot-mysql
- dovecot-pgsql: secure POP3/IMAP server - PostgreSQL support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides PostgreSQL support for Dovecot.
- dovecot-pgsql-dbgsym: debug symbols for dovecot-pgsql
- dovecot-pop3d: secure POP3/IMAP server - POP3 daemon
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot POP3 server.
- dovecot-pop3d-dbgsym: debug symbols for dovecot-pop3d
- dovecot-sieve: secure POP3/IMAP server - Sieve filters support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides Sieve filters support for Dovecot.
- dovecot-sieve-dbgsym: debug symbols for dovecot-sieve
- dovecot-solr: secure POP3/IMAP server - Solr support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides Solr full text search support for Dovecot.
- dovecot-solr-dbgsym: debug symbols for dovecot-solr
- dovecot-sqlite: secure POP3/IMAP server - SQLite support
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package provides SQLite support for Dovecot.
- dovecot-sqlite-dbgsym: debug symbols for dovecot-sqlite
- dovecot-submissiond: secure POP3/IMAP server - mail submission agent
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify
that all data is valid, making it nearly impossible to crash. It supports
mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
fast, extensible, and portable.
.
This package contains the Dovecot Mail Submission Agent which implements a
basic SMTP submission service with BURL support.
- dovecot-submissiond-dbgsym: debug symbols for dovecot-submissiond
