Your message dated Thu, 01 Mar 2018 09:50:15 +0000
with message-id <e1erkqt-0002mj...@fasolo.debian.org>
and subject line Bug#891819: fixed in dovecot 1:2.2.34-1
has caused the Debian Bug report #891819,
regarding dovecot: CVE-2017-14461: rfc822_parse_domain information leak
vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
891819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dovecot
Version: 1:2.2.13-11
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for dovecot.
CVE-2017-14461[0]:
rfc822_parse_domain information leak vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.34-1
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated dovecot
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 01 Mar 2018 10:55:49 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene
Architecture: source amd64
Version: 1:2.2.34-1
Distribution: unstable
Urgency: medium
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dev - secure POP3/IMAP server - header files
dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
dovecot-imapd - secure POP3/IMAP server - IMAP daemon
dovecot-ldap - secure POP3/IMAP server - LDAP support
dovecot-lmtpd - secure POP3/IMAP server - LMTP server
dovecot-lucene - secure POP3/IMAP server - Lucene support
dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
dovecot-mysql - secure POP3/IMAP server - MySQL support
dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
dovecot-sieve - secure POP3/IMAP server - Sieve filters support
dovecot-solr - secure POP3/IMAP server - Solr support
dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
dovecot (1:2.2.34-1) unstable; urgency=medium
.
* [f53dc9a] New upstream version 2.2.34
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
Checksums-Sha1:
b77048eda2dd397cba70688ce8b6c0f43d615bd3 3164 dovecot_2.2.34-1.dsc
4b1c016d0d3ec4b06a2eb26e7cbbf83e70ac16f9 6181270 dovecot_2.2.34.orig.tar.gz
9b42445eef114e7ed8f19d291b480a8bedf8622a 879184 dovecot_2.2.34-1.debian.tar.xz
7635662c616a30336ac8c4c0d1a774b506218d39 10214516
dovecot-core-dbgsym_2.2.34-1_amd64.deb
9993e696a04f4f4cf1d46e44a1c71af338813919 3587692
dovecot-core_2.2.34-1_amd64.deb
f36a8d6a5ee79c6214dd86fbd23d0d054ff57322 1126556 dovecot-dev_2.2.34-1_amd64.deb
343e937152c327cd1847b473cb6b1fcd9b22158a 18912
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
ca3bfd4c67c9ddca88c0fa4734b1d15584adb9b4 829248
dovecot-gssapi_2.2.34-1_amd64.deb
0d6c765ea6cc28a5c889754167746bca78243061 708128
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
325b2130122d56bacc40c4a340a1ccd09c48636f 972196
dovecot-imapd_2.2.34-1_amd64.deb
8c3c9106e9c22961779e9c694e9c7f9576f181cd 597272
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
ed7441e6ec303af0beed201bf535c245bf9670e9 1041068
dovecot-ldap_2.2.34-1_amd64.deb
b6b5fe69e5bcd9abe76e813d06a6501d8d00bc2a 84452
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
2a43aed8b82d383c2f741875e8f5297e019cc4f0 843764
dovecot-lmtpd_2.2.34-1_amd64.deb
942dbc6904cb41bb9fb297dae7e1a77de61825aa 136500
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
7f940d2f677dea39bb607920ff7ef6379541bfc4 848236
dovecot-lucene_2.2.34-1_amd64.deb
9b1e4501973d1f246710bb7082f0a42b280910c6 134620
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
6c52687f794459562cab1dad82922add09225f3f 860468
dovecot-managesieved_2.2.34-1_amd64.deb
41828d18a6b2a29e6604f3cbd5523396e857d2da 19528
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
0b3f3260c028ebe7df4c4baef15bbc43825e76a5 830172
dovecot-mysql_2.2.34-1_amd64.deb
205c2dd7887d7c45b2e2f8a9811141e7c953323a 24260
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
f3d2993f5b755031ffa703b3095fd7b74c27caf5 833072
dovecot-pgsql_2.2.34-1_amd64.deb
34d0598c72d488e322c3085748d2cb02fc49bbdb 81268
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
3290d7da9c25e7a221f75b5c822a524a9f8d784d 850912
dovecot-pop3d_2.2.34-1_amd64.deb
7f560d3d1b66ce36c5b7267d58a0341056992fbe 1654948
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
3589f7aaf2842270bd6dff63e230b54010ab4f05 1129152
dovecot-sieve_2.2.34-1_amd64.deb
341a06ea99fd04c047149116f9c67eece5e02e21 91600
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
1931c3dcd59ee3d246231dc699c9c58a6e9bb55c 841088 dovecot-solr_2.2.34-1_amd64.deb
6ae096a49ecb6029d9c9c1233b6b4964692d93e5 12672
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
218156ad769c62165568cb5c7408158bce6edb6e 828148
dovecot-sqlite_2.2.34-1_amd64.deb
881af6cbf6c736246fe338659c96bf6a55aaef29 15004 dovecot_2.2.34-1_amd64.buildinfo
Checksums-Sha256:
602be3064c6a872b8a5c4f70ba548d529e9da2aaa7b4d83c45e91ac21b898638 3164
dovecot_2.2.34-1.dsc
5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 6181270
dovecot_2.2.34.orig.tar.gz
ed45d14ec501d06e5542fd653aec00d8744558d4d6316939410858b60a2864b8 879184
dovecot_2.2.34-1.debian.tar.xz
9d6330e24ea825050a79ddf2541bc87272690f0754a34b2923ea5ce8336aa971 10214516
dovecot-core-dbgsym_2.2.34-1_amd64.deb
8ed56652c14a9d7e24d57288438d04fdac2fb7e2fb15e65c69c2512853c082b2 3587692
dovecot-core_2.2.34-1_amd64.deb
fd0e10f084f604d4851e29760087493d9778c2e6e73b9016f1a0ff2d5ddbe35f 1126556
dovecot-dev_2.2.34-1_amd64.deb
8f76bd970320757624015acbe64f883eb9e793b571932b31812e531c43d4ed59 18912
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
88746ec16980a6bd28f34508acfd63ed95fa7ef3f11c70938a7e2a0f05ce95fc 829248
dovecot-gssapi_2.2.34-1_amd64.deb
7d9375aa4b6f1d07b9e9e1c3cc54f26278169ad8b7c514ebbf40cf900a342116 708128
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
f27257f60f3dc01ce1e2781c4dcf5c6c2aa58563b993a23041c909828f14aaba 972196
dovecot-imapd_2.2.34-1_amd64.deb
493510b96256097fd3287492671457e0577d0fc84e3f8b7e8de91744981d631a 597272
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
add3acf71af14817469f027a5010f542cc01adc4f972922210c3d479f73c10a9 1041068
dovecot-ldap_2.2.34-1_amd64.deb
f087f42d8d06e1522d02e46ba0eb2bbc5113f53b58815abf1038ec13f66005d1 84452
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
4d7d408d5cdf8701b314aa273c78fb317f6c0d225698dd922927e086213ca660 843764
dovecot-lmtpd_2.2.34-1_amd64.deb
9ea2698dd6f28d92344454728dfa197b0980805e5dc0d2bcf276649b01b26e31 136500
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
95d17ac2334817a5eea8aeb705a85656f7c24ab25b56dd9a700fb439ef76e272 848236
dovecot-lucene_2.2.34-1_amd64.deb
77256f6898db95cb07297d114b65f769523e2e7fe0e239bc562e3cae2ead180f 134620
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
a9efac573dba61cbf239983cd7eb79860206aa3c61132ee17d0a9965c25410df 860468
dovecot-managesieved_2.2.34-1_amd64.deb
d57dc5f7b47c6c871c2de30ae1907a2bf416d58eb5c2940bd788a67196604ad8 19528
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
71636b823aca2e40e877958ec74b477b24e3b8ba2dcb43a3e26d49113f8480c8 830172
dovecot-mysql_2.2.34-1_amd64.deb
d6fc7290e59bd3a28c78c6a1b9bab7984f07d8dd600a961c3b567ae2e3d014f1 24260
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
20da36e5bd3b710fd2387e5208e15740272416f9a2a72d8b1e3b7a365b3269fd 833072
dovecot-pgsql_2.2.34-1_amd64.deb
f23237dbe26c1456b4acdde244e6b83018cdb518c86424a9bda6e0edfcc8fd5d 81268
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
766bb61f1d8319794cdba05ca0c5589111962b6ac6ff06adbf529a43b6fee527 850912
dovecot-pop3d_2.2.34-1_amd64.deb
5bce5a8cf6e40484259f971a1c2c4bcf2f8f5570395178f39cc51d02f34f2303 1654948
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
efe363ce2c7c57afbd1544079280c43733b9af76ac382225b5cdbdf2b9ed6373 1129152
dovecot-sieve_2.2.34-1_amd64.deb
ba24ffd6935d357b09ae303bfa94fc991ffb71cf31c13bc1380f329f75e05497 91600
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
9fd350bcb49f1f36964b494aa6fe05997e94463bdb634e1b753b7256c0db109d 841088
dovecot-solr_2.2.34-1_amd64.deb
e9301c29e01122be9e1df5cacc3a10805eebb2bd27cf69469e30d2afaef2575a 12672
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
5a7e56b56f3daf48561e9939c6ad0bcd950c5d9e2802ab415094a1b511a41cfc 828148
dovecot-sqlite_2.2.34-1_amd64.deb
22eda30a7a07fbae534b4685f902f9e874636037991aad37c6408582b858efe6 15004
dovecot_2.2.34-1_amd64.buildinfo
Files:
5d2ce515c43dfd75957e2ef83a997fe7 3164 mail optional dovecot_2.2.34-1.dsc
29a2e7812c34e6b35db4f86260fed197 6181270 mail optional
dovecot_2.2.34.orig.tar.gz
759e8d3bb83df7665c38183c4811e4eb 879184 mail optional
dovecot_2.2.34-1.debian.tar.xz
cd833ef3caefd2824e7175911f46dfa3 10214516 debug optional
dovecot-core-dbgsym_2.2.34-1_amd64.deb
8f76cc4ca80990707dc7729d490918a8 3587692 mail optional
dovecot-core_2.2.34-1_amd64.deb
e6994490ba0a26ea7de8be4d3ab34c9e 1126556 mail optional
dovecot-dev_2.2.34-1_amd64.deb
12cfdd9ae7674f8503a5c099a2b593a1 18912 debug optional
dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb
a4a62c74426e79d532e4ba3406ee1444 829248 mail optional
dovecot-gssapi_2.2.34-1_amd64.deb
d9b2d64e91e195a968df1d67104547a5 708128 debug optional
dovecot-imapd-dbgsym_2.2.34-1_amd64.deb
49704f38ec739fbd97ecd34b6f205ac0 972196 mail optional
dovecot-imapd_2.2.34-1_amd64.deb
3e84c0dd370b83d52516ea63f76b0dd6 597272 debug optional
dovecot-ldap-dbgsym_2.2.34-1_amd64.deb
8a7ac1d3f5a605fddb9f35a0bd31c9d9 1041068 mail optional
dovecot-ldap_2.2.34-1_amd64.deb
d3d76bcba12f2de8a7f648cdd86efb6f 84452 debug optional
dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb
48b141e3851f50b11f56fc4acee12d19 843764 mail optional
dovecot-lmtpd_2.2.34-1_amd64.deb
7a205bb9a2318187e9ef981da4d2354d 136500 debug optional
dovecot-lucene-dbgsym_2.2.34-1_amd64.deb
c694353c79828ecdd244940c3fc27b52 848236 mail optional
dovecot-lucene_2.2.34-1_amd64.deb
c32c33f6df493e2408632cea337026d0 134620 debug optional
dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb
65268a4814d23940b6537d7fec48c552 860468 mail optional
dovecot-managesieved_2.2.34-1_amd64.deb
5af519a0d01f7674ab0bb488b3c64e74 19528 debug optional
dovecot-mysql-dbgsym_2.2.34-1_amd64.deb
de4fc4ca543ffa698a9437a1f82af14f 830172 mail optional
dovecot-mysql_2.2.34-1_amd64.deb
8daa613ed81ca23680d92066ab8ab1f7 24260 debug optional
dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb
8a4c310fcf20fdcda50a301a9886facc 833072 mail optional
dovecot-pgsql_2.2.34-1_amd64.deb
fda95a28b9a92a45eb41bd39814c5e86 81268 debug optional
dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb
697e3a7d8e1e36cb3e9dbdb6f3a53fc9 850912 mail optional
dovecot-pop3d_2.2.34-1_amd64.deb
578744859d1d99c2373c763fabb8eb52 1654948 debug optional
dovecot-sieve-dbgsym_2.2.34-1_amd64.deb
1cd8e96d2e3de5ce2c3a2729b9e5ad5c 1129152 mail optional
dovecot-sieve_2.2.34-1_amd64.deb
63cfc30936be702e413af430f43e5d5a 91600 debug optional
dovecot-solr-dbgsym_2.2.34-1_amd64.deb
63ddfa63cf7f1121b783eed52720f138 841088 mail optional
dovecot-solr_2.2.34-1_amd64.deb
04b8d2c24159001d0aa66b4bfa5f60e8 12672 debug optional
dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb
b1157e2779bf4f51a87e11c3309ae4b9 828148 mail optional
dovecot-sqlite_2.2.34-1_amd64.deb
c6cd2e0235db68fd90a9577cc4ad8049 15004 mail optional
dovecot_2.2.34-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlqXyMwACgkQ9RsYxyAk
giQ8Ag//aNthHTzduDA03Jd5RE3XcQXDw8raYQj7JpMtjbRzlx0NJEvyvkUzSjP2
FNoujnsYxQIG92a4iL/FSc7iIVxoxqaqfznhwGl2AtuSVUNtwjkBO51nz6BrGs5k
EtQI326tbZPRX/zoW+4+4OVviEUbkonfZVcmypQQoi80SwEfUhn62iS8E0Djp1Bw
BrkQhX8CwEvdNWrPccDmsGfBM+THaeTcoknQgxrxkYmd9lOz4POjF2zdQCYyNag6
J4hfcnPyaEPb7OpUQ+HcTqnDzzwPMXDMlxcu/4RnMVeuudsPEqEIIUQ5t54SQOal
vqD01WZKiKt49AqA91HR9mgLJyA071nbiJ8Y+9UBD7x71Ni5O3Odj9lu9LWnnhxW
7KFdtmId67OmgvnYRLsvMxvJF2tY41+Xw7tUaTPcPEaje6Q6394qPzffuMlmhc9d
vwTdTo86+n5s6yYf4+ziG/z9+k0NxTGLOcls0KPWew8dOhPbPvH5EKoyPE93FMUb
T2/aFJN/cZdZDJVvaajSCxCVRjyptHJrddSQhCpNMVzHqGHxP5E4Rw/2tYmeGzkN
Sa+wvSNQUKgsJfbzWPVerQ+twc+lH3Da6CsPpHxppbYCKjW6zd94aZpo//oA/blW
p75W/8QNW7rvCOeL9PCzEeSNef03D1QiMzL/4d88P56exWMouR0=
=0x20
-----END PGP SIGNATURE-----
--- End Message ---