Bug#891819: marked as done (dovecot: CVE-2017-14461: rfc822_parse_domain information leak vulnerability)

[Debian Bug Tracking System]

Your message dated Thu, 01 Mar 2018 09:50:15 +0000
with message-id <e1erkqt-0002mj...@fasolo.debian.org>
and subject line Bug#891819: fixed in dovecot 1:2.2.34-1
has caused the Debian Bug report #891819,
regarding dovecot: CVE-2017-14461: rfc822_parse_domain information leak 
vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: dovecot
Version: 1:2.2.13-11
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for dovecot.

CVE-2017-14461[0]:
rfc822_parse_domain information leak vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14461
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: dovecot
Source-Version: 1:2.2.34-1

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated dovecot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Mar 2018 10:55:49 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene
Architecture: source amd64
Version: 1:2.2.34-1
Distribution: unstable
Urgency: medium
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
 dovecot (1:2.2.34-1) unstable; urgency=medium
 .
   * [f53dc9a] New upstream version 2.2.34
     Fixes the following security issues:
      + CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
        usage (Closes: #891820)
      + CVE-2017-14461: rfc822_parse_domain information leak vulnerability
        (Closes: #891819)
      + CVE-2017-15132: auth client leaks memory if SASL authentication is
        aborted (Closes: #888432)
   * [0dc98c6] Do not patch all-settings.c; regenerate it at build time
     instead. Thanks to Aki Tuomi!
   * [e678e3b] Bump dh compat to 11
      + B-D on debhelper (>= 11~)
      + Use dh_installsystemd instead of dh_systemd_enable
   * [271b290] Bump Standards-Version to 4.1.3; no changes needed
   * [3cd6715] d/copyright: bump upstream and debian years
   * [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
     initscript handle it if it exists)
   * [97d6fae] d/watch: switch upstream URL to https://
Checksums-Sha1:
 b77048eda2dd397cba70688ce8b6c0f43d615bd3 3164 dovecot_2.2.34-1.dsc
 4b1c016d0d3ec4b06a2eb26e7cbbf83e70ac16f9 6181270 dovecot_2.2.34.orig.tar.gz
 9b42445eef114e7ed8f19d291b480a8bedf8622a 879184 dovecot_2.2.34-1.debian.tar.xz
 7635662c616a30336ac8c4c0d1a774b506218d39 10214516 
dovecot-core-dbgsym_2.2.34-1_amd64.deb
 9993e696a04f4f4cf1d46e44a1c71af338813919 3587692 
dovecot-core_2.2.34-1_amd64.deb
 f36a8d6a5ee79c6214dd86fbd23d0d054ff57322 1126556 dovecot-dev_2.2.34-1_amd64.deb
 343e937152c327cd1847b473cb6b1fcd9b22158a 18912 
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
 ca3bfd4c67c9ddca88c0fa4734b1d15584adb9b4 829248 
dovecot-gssapi_2.2.34-1_amd64.deb
 0d6c765ea6cc28a5c889754167746bca78243061 708128 
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
 325b2130122d56bacc40c4a340a1ccd09c48636f 972196 
dovecot-imapd_2.2.34-1_amd64.deb
 8c3c9106e9c22961779e9c694e9c7f9576f181cd 597272 
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
 ed7441e6ec303af0beed201bf535c245bf9670e9 1041068 
dovecot-ldap_2.2.34-1_amd64.deb
 b6b5fe69e5bcd9abe76e813d06a6501d8d00bc2a 84452 
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
 2a43aed8b82d383c2f741875e8f5297e019cc4f0 843764 
dovecot-lmtpd_2.2.34-1_amd64.deb
 942dbc6904cb41bb9fb297dae7e1a77de61825aa 136500 
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
 7f940d2f677dea39bb607920ff7ef6379541bfc4 848236 
dovecot-lucene_2.2.34-1_amd64.deb
 9b1e4501973d1f246710bb7082f0a42b280910c6 134620 
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
 6c52687f794459562cab1dad82922add09225f3f 860468 
dovecot-managesieved_2.2.34-1_amd64.deb
 41828d18a6b2a29e6604f3cbd5523396e857d2da 19528 
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
 0b3f3260c028ebe7df4c4baef15bbc43825e76a5 830172 
dovecot-mysql_2.2.34-1_amd64.deb
 205c2dd7887d7c45b2e2f8a9811141e7c953323a 24260 
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
 f3d2993f5b755031ffa703b3095fd7b74c27caf5 833072 
dovecot-pgsql_2.2.34-1_amd64.deb
 34d0598c72d488e322c3085748d2cb02fc49bbdb 81268 
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
 3290d7da9c25e7a221f75b5c822a524a9f8d784d 850912 
dovecot-pop3d_2.2.34-1_amd64.deb
 7f560d3d1b66ce36c5b7267d58a0341056992fbe 1654948 
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
 3589f7aaf2842270bd6dff63e230b54010ab4f05 1129152 
dovecot-sieve_2.2.34-1_amd64.deb
 341a06ea99fd04c047149116f9c67eece5e02e21 91600 
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
 1931c3dcd59ee3d246231dc699c9c58a6e9bb55c 841088 dovecot-solr_2.2.34-1_amd64.deb
 6ae096a49ecb6029d9c9c1233b6b4964692d93e5 12672 
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
 218156ad769c62165568cb5c7408158bce6edb6e 828148 
dovecot-sqlite_2.2.34-1_amd64.deb
 881af6cbf6c736246fe338659c96bf6a55aaef29 15004 dovecot_2.2.34-1_amd64.buildinfo
Checksums-Sha256:
 602be3064c6a872b8a5c4f70ba548d529e9da2aaa7b4d83c45e91ac21b898638 3164 
dovecot_2.2.34-1.dsc
 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 6181270 
dovecot_2.2.34.orig.tar.gz
 ed45d14ec501d06e5542fd653aec00d8744558d4d6316939410858b60a2864b8 879184 
dovecot_2.2.34-1.debian.tar.xz
 9d6330e24ea825050a79ddf2541bc87272690f0754a34b2923ea5ce8336aa971 10214516 
dovecot-core-dbgsym_2.2.34-1_amd64.deb
 8ed56652c14a9d7e24d57288438d04fdac2fb7e2fb15e65c69c2512853c082b2 3587692 
dovecot-core_2.2.34-1_amd64.deb
 fd0e10f084f604d4851e29760087493d9778c2e6e73b9016f1a0ff2d5ddbe35f 1126556 
dovecot-dev_2.2.34-1_amd64.deb
 8f76bd970320757624015acbe64f883eb9e793b571932b31812e531c43d4ed59 18912 
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
 88746ec16980a6bd28f34508acfd63ed95fa7ef3f11c70938a7e2a0f05ce95fc 829248 
dovecot-gssapi_2.2.34-1_amd64.deb
 7d9375aa4b6f1d07b9e9e1c3cc54f26278169ad8b7c514ebbf40cf900a342116 708128 
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
 f27257f60f3dc01ce1e2781c4dcf5c6c2aa58563b993a23041c909828f14aaba 972196 
dovecot-imapd_2.2.34-1_amd64.deb
 493510b96256097fd3287492671457e0577d0fc84e3f8b7e8de91744981d631a 597272 
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
 add3acf71af14817469f027a5010f542cc01adc4f972922210c3d479f73c10a9 1041068 
dovecot-ldap_2.2.34-1_amd64.deb
 f087f42d8d06e1522d02e46ba0eb2bbc5113f53b58815abf1038ec13f66005d1 84452 
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
 4d7d408d5cdf8701b314aa273c78fb317f6c0d225698dd922927e086213ca660 843764 
dovecot-lmtpd_2.2.34-1_amd64.deb
 9ea2698dd6f28d92344454728dfa197b0980805e5dc0d2bcf276649b01b26e31 136500 
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
 95d17ac2334817a5eea8aeb705a85656f7c24ab25b56dd9a700fb439ef76e272 848236 
dovecot-lucene_2.2.34-1_amd64.deb
 77256f6898db95cb07297d114b65f769523e2e7fe0e239bc562e3cae2ead180f 134620 
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
 a9efac573dba61cbf239983cd7eb79860206aa3c61132ee17d0a9965c25410df 860468 
dovecot-managesieved_2.2.34-1_amd64.deb
 d57dc5f7b47c6c871c2de30ae1907a2bf416d58eb5c2940bd788a67196604ad8 19528 
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
 71636b823aca2e40e877958ec74b477b24e3b8ba2dcb43a3e26d49113f8480c8 830172 
dovecot-mysql_2.2.34-1_amd64.deb
 d6fc7290e59bd3a28c78c6a1b9bab7984f07d8dd600a961c3b567ae2e3d014f1 24260 
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
 20da36e5bd3b710fd2387e5208e15740272416f9a2a72d8b1e3b7a365b3269fd 833072 
dovecot-pgsql_2.2.34-1_amd64.deb
 f23237dbe26c1456b4acdde244e6b83018cdb518c86424a9bda6e0edfcc8fd5d 81268 
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
 766bb61f1d8319794cdba05ca0c5589111962b6ac6ff06adbf529a43b6fee527 850912 
dovecot-pop3d_2.2.34-1_amd64.deb
 5bce5a8cf6e40484259f971a1c2c4bcf2f8f5570395178f39cc51d02f34f2303 1654948 
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
 efe363ce2c7c57afbd1544079280c43733b9af76ac382225b5cdbdf2b9ed6373 1129152 
dovecot-sieve_2.2.34-1_amd64.deb
 ba24ffd6935d357b09ae303bfa94fc991ffb71cf31c13bc1380f329f75e05497 91600 
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
 9fd350bcb49f1f36964b494aa6fe05997e94463bdb634e1b753b7256c0db109d 841088 
dovecot-solr_2.2.34-1_amd64.deb
 e9301c29e01122be9e1df5cacc3a10805eebb2bd27cf69469e30d2afaef2575a 12672 
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
 5a7e56b56f3daf48561e9939c6ad0bcd950c5d9e2802ab415094a1b511a41cfc 828148 
dovecot-sqlite_2.2.34-1_amd64.deb
 22eda30a7a07fbae534b4685f902f9e874636037991aad37c6408582b858efe6 15004 
dovecot_2.2.34-1_amd64.buildinfo
Files:
 5d2ce515c43dfd75957e2ef83a997fe7 3164 mail optional dovecot_2.2.34-1.dsc
 29a2e7812c34e6b35db4f86260fed197 6181270 mail optional 
dovecot_2.2.34.orig.tar.gz
 759e8d3bb83df7665c38183c4811e4eb 879184 mail optional 
dovecot_2.2.34-1.debian.tar.xz
 cd833ef3caefd2824e7175911f46dfa3 10214516 debug optional 
dovecot-core-dbgsym_2.2.34-1_amd64.deb
 8f76cc4ca80990707dc7729d490918a8 3587692 mail optional 
dovecot-core_2.2.34-1_amd64.deb
 e6994490ba0a26ea7de8be4d3ab34c9e 1126556 mail optional 
dovecot-dev_2.2.34-1_amd64.deb
 12cfdd9ae7674f8503a5c099a2b593a1 18912 debug optional 
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
 a4a62c74426e79d532e4ba3406ee1444 829248 mail optional 
dovecot-gssapi_2.2.34-1_amd64.deb
 d9b2d64e91e195a968df1d67104547a5 708128 debug optional 
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
 49704f38ec739fbd97ecd34b6f205ac0 972196 mail optional 
dovecot-imapd_2.2.34-1_amd64.deb
 3e84c0dd370b83d52516ea63f76b0dd6 597272 debug optional 
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
 8a7ac1d3f5a605fddb9f35a0bd31c9d9 1041068 mail optional 
dovecot-ldap_2.2.34-1_amd64.deb
 d3d76bcba12f2de8a7f648cdd86efb6f 84452 debug optional 
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
 48b141e3851f50b11f56fc4acee12d19 843764 mail optional 
dovecot-lmtpd_2.2.34-1_amd64.deb
 7a205bb9a2318187e9ef981da4d2354d 136500 debug optional 
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
 c694353c79828ecdd244940c3fc27b52 848236 mail optional 
dovecot-lucene_2.2.34-1_amd64.deb
 c32c33f6df493e2408632cea337026d0 134620 debug optional 
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
 65268a4814d23940b6537d7fec48c552 860468 mail optional 
dovecot-managesieved_2.2.34-1_amd64.deb
 5af519a0d01f7674ab0bb488b3c64e74 19528 debug optional 
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
 de4fc4ca543ffa698a9437a1f82af14f 830172 mail optional 
dovecot-mysql_2.2.34-1_amd64.deb
 8daa613ed81ca23680d92066ab8ab1f7 24260 debug optional 
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
 8a4c310fcf20fdcda50a301a9886facc 833072 mail optional 
dovecot-pgsql_2.2.34-1_amd64.deb
 fda95a28b9a92a45eb41bd39814c5e86 81268 debug optional 
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
 697e3a7d8e1e36cb3e9dbdb6f3a53fc9 850912 mail optional 
dovecot-pop3d_2.2.34-1_amd64.deb
 578744859d1d99c2373c763fabb8eb52 1654948 debug optional 
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
 1cd8e96d2e3de5ce2c3a2729b9e5ad5c 1129152 mail optional 
dovecot-sieve_2.2.34-1_amd64.deb
 63cfc30936be702e413af430f43e5d5a 91600 debug optional 
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
 63ddfa63cf7f1121b783eed52720f138 841088 mail optional 
dovecot-solr_2.2.34-1_amd64.deb
 04b8d2c24159001d0aa66b4bfa5f60e8 12672 debug optional 
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
 b1157e2779bf4f51a87e11c3309ae4b9 828148 mail optional 
dovecot-sqlite_2.2.34-1_amd64.deb
 c6cd2e0235db68fd90a9577cc4ad8049 15004 mail optional 
dovecot_2.2.34-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlqXyMwACgkQ9RsYxyAk
giQ8Ag//aNthHTzduDA03Jd5RE3XcQXDw8raYQj7JpMtjbRzlx0NJEvyvkUzSjP2
FNoujnsYxQIG92a4iL/FSc7iIVxoxqaqfznhwGl2AtuSVUNtwjkBO51nz6BrGs5k
EtQI326tbZPRX/zoW+4+4OVviEUbkonfZVcmypQQoi80SwEfUhn62iS8E0Djp1Bw
BrkQhX8CwEvdNWrPccDmsGfBM+THaeTcoknQgxrxkYmd9lOz4POjF2zdQCYyNag6
J4hfcnPyaEPb7OpUQ+HcTqnDzzwPMXDMlxcu/4RnMVeuudsPEqEIIUQ5t54SQOal
vqD01WZKiKt49AqA91HR9mgLJyA071nbiJ8Y+9UBD7x71Ni5O3Odj9lu9LWnnhxW
7KFdtmId67OmgvnYRLsvMxvJF2tY41+Xw7tUaTPcPEaje6Q6394qPzffuMlmhc9d
vwTdTo86+n5s6yYf4+ziG/z9+k0NxTGLOcls0KPWew8dOhPbPvH5EKoyPE93FMUb
T2/aFJN/cZdZDJVvaajSCxCVRjyptHJrddSQhCpNMVzHqGHxP5E4Rw/2tYmeGzkN
Sa+wvSNQUKgsJfbzWPVerQ+twc+lH3Da6CsPpHxppbYCKjW6zd94aZpo//oA/blW
p75W/8QNW7rvCOeL9PCzEeSNef03D1QiMzL/4d88P56exWMouR0=
=0x20
-----END PGP SIGNATURE-----

--- End Message ---