dovecot 1:2.3.4.1-5ubuntu1 source package in Ubuntu
Changelog
dovecot (1:2.3.4.1-5ubuntu1) eoan; urgency=medium
* Merge with Debian unstable. Remaining changes:
- carry mail-stack-delivery as empty transitional package
* Dropped:
- SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
+ debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
reading oversized hdr-pop3-uidl header in
src/lib-storage/index/index-pop3-uidl.c.
+ debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
reading oversized fts header in src/plugins/fts/fts-api.c.
+ CVE-2019-7524
[Fixed in 1:2.3.4.1-3]
- SECURITY UPDATE: JSON encoder assert DoS
+ debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
+ CVE-2019-10691
[Fixed in 1:2.3.4.1-4]
- SECURITY UPDATE: submission-login denial of service issues
+ debian/patches/CVE-2019-1149x-1.patch: remove unused
client->pending_starttls in src/submission-login/client.h.
+ debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
client disconnects during authentication in
src/submission-login/client-authenticate.c,
src/submission-login/client.c.
+ debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
handling so that it stops reading more input in
src/lib-smtp/smtp-server-cmd-auth.c.
+ CVE-2019-11494
+ CVE-2019-11499
[Fixed in 1:2.3.4.1-5]
dovecot (1:2.3.4.1-5) unstable; urgency=medium
* [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235)
- submission-login: fix null pointer dereference when client
disconnects during authentication (CVE-2019-11494)
- submission-login: fix assert-crash when receiving an invalid
authentication message over TLS (CVE-2019-11499)
dovecot (1:2.3.4.1-4) unstable; urgency=high
* [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691)
dovecot (1:2.3.4.1-3) unstable; urgency=high
* [07c9212] Fix two buffer overflows when reading oversized FTS headers
and/or oversized POP3-UIDL headers (CVE-2019-7524).
dovecot (1:2.3.4.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
* [ac99918] Fix double-free crash in mysql driver
Fix double closing of the connection in the mysql driver, this should
fix the crash in the dovecot auth process, taken from upstream.
(Closes: #918339)
[ Apollon Oikonomopoulos ]
* [8a30446] Bump Standards-Version to 4.3.0; no changes needed
-- Bryce Harrington <email address hidden> Fri, 03 May 2019 12:02:04 -0700
Upload details
- Uploaded by:
- Bryce Harrington
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| dovecot_2.3.4.1.orig.tar.gz | 6.6 MiB | b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07 |
| dovecot_2.3.4.1-5ubuntu1.debian.tar.xz | 526.4 KiB | 20741c727d64061c942ca09596ae9c8698ff77acd8df59f2c964480d51eed1cf |
| dovecot_2.3.4.1-5ubuntu1.dsc | 3.4 KiB | 443940f9b36c067df84cf4d8cbde03d17b47c36d7a0bf1d06c4664cf8f60894e |
Available diffs
Binary packages built by this source
- dovecot-auth-lua: No summary available for dovecot-auth-lua in ubuntu eoan.
No description available for dovecot-auth-lua in ubuntu eoan.
- dovecot-auth-lua-dbgsym: No summary available for dovecot-auth-lua-dbgsym in ubuntu eoan.
No description available for dovecot-
auth-lua- dbgsym in ubuntu eoan.
- dovecot-core: No summary available for dovecot-core in ubuntu eoan.
No description available for dovecot-core in ubuntu eoan.
- dovecot-core-dbgsym: No summary available for dovecot-core-dbgsym in ubuntu eoan.
No description available for dovecot-core-dbgsym in ubuntu eoan.
- dovecot-dev: No summary available for dovecot-dev in ubuntu eoan.
No description available for dovecot-dev in ubuntu eoan.
- dovecot-gssapi: No summary available for dovecot-gssapi in ubuntu eoan.
No description available for dovecot-gssapi in ubuntu eoan.
- dovecot-gssapi-dbgsym: No summary available for dovecot-gssapi-dbgsym in ubuntu eoan.
No description available for dovecot-
gssapi- dbgsym in ubuntu eoan.
- dovecot-imapd: No summary available for dovecot-imapd in ubuntu eoan.
No description available for dovecot-imapd in ubuntu eoan.
- dovecot-imapd-dbgsym: No summary available for dovecot-imapd-dbgsym in ubuntu eoan.
No description available for dovecot-
imapd-dbgsym in ubuntu eoan.
- dovecot-ldap: No summary available for dovecot-ldap in ubuntu eoan.
No description available for dovecot-ldap in ubuntu eoan.
- dovecot-ldap-dbgsym: No summary available for dovecot-ldap-dbgsym in ubuntu eoan.
No description available for dovecot-ldap-dbgsym in ubuntu eoan.
- dovecot-lmtpd: No summary available for dovecot-lmtpd in ubuntu eoan.
No description available for dovecot-lmtpd in ubuntu eoan.
- dovecot-lmtpd-dbgsym: No summary available for dovecot-lmtpd-dbgsym in ubuntu eoan.
No description available for dovecot-
lmtpd-dbgsym in ubuntu eoan.
- dovecot-lucene: No summary available for dovecot-lucene in ubuntu eoan.
No description available for dovecot-lucene in ubuntu eoan.
- dovecot-lucene-dbgsym: No summary available for dovecot-lucene-dbgsym in ubuntu eoan.
No description available for dovecot-
lucene- dbgsym in ubuntu eoan.
- dovecot-managesieved: No summary available for dovecot-managesieved in ubuntu eoan.
No description available for dovecot-
managesieved in ubuntu eoan.
- dovecot-managesieved-dbgsym: No summary available for dovecot-managesieved-dbgsym in ubuntu eoan.
No description available for dovecot-
managesieved- dbgsym in ubuntu eoan.
- dovecot-mysql: No summary available for dovecot-mysql in ubuntu eoan.
No description available for dovecot-mysql in ubuntu eoan.
- dovecot-mysql-dbgsym: No summary available for dovecot-mysql-dbgsym in ubuntu eoan.
No description available for dovecot-
mysql-dbgsym in ubuntu eoan.
- dovecot-pgsql: No summary available for dovecot-pgsql in ubuntu eoan.
No description available for dovecot-pgsql in ubuntu eoan.
- dovecot-pgsql-dbgsym: No summary available for dovecot-pgsql-dbgsym in ubuntu eoan.
No description available for dovecot-
pgsql-dbgsym in ubuntu eoan.
- dovecot-pop3d: No summary available for dovecot-pop3d in ubuntu eoan.
No description available for dovecot-pop3d in ubuntu eoan.
- dovecot-pop3d-dbgsym: No summary available for dovecot-pop3d-dbgsym in ubuntu eoan.
No description available for dovecot-
pop3d-dbgsym in ubuntu eoan.
- dovecot-sieve: No summary available for dovecot-sieve in ubuntu eoan.
No description available for dovecot-sieve in ubuntu eoan.
- dovecot-sieve-dbgsym: No summary available for dovecot-sieve-dbgsym in ubuntu eoan.
No description available for dovecot-
sieve-dbgsym in ubuntu eoan.
- dovecot-solr: No summary available for dovecot-solr in ubuntu eoan.
No description available for dovecot-solr in ubuntu eoan.
- dovecot-solr-dbgsym: No summary available for dovecot-solr-dbgsym in ubuntu eoan.
No description available for dovecot-solr-dbgsym in ubuntu eoan.
- dovecot-sqlite: No summary available for dovecot-sqlite in ubuntu eoan.
No description available for dovecot-sqlite in ubuntu eoan.
- dovecot-sqlite-dbgsym: No summary available for dovecot-sqlite-dbgsym in ubuntu eoan.
No description available for dovecot-
sqlite- dbgsym in ubuntu eoan.
- dovecot-submissiond: No summary available for dovecot-submissiond in ubuntu eoan.
No description available for dovecot-submissiond in ubuntu eoan.
- dovecot-submissiond-dbgsym: No summary available for dovecot-submissiond-dbgsym in ubuntu eoan.
No description available for dovecot-
submissiond- dbgsym in ubuntu eoan.
- mail-stack-delivery: No summary available for mail-stack-delivery in ubuntu eoan.
No description available for mail-stack-delivery in ubuntu eoan.
