Your message dated Fri, 29 Mar 2019 09:47:49 +0000
with message-id <[email protected]>
and subject line unblock dovecot
has caused the Debian Bug report #925924,
regarding unblock: dovecot/2.3.4.1-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925924: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925924
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package dovecot.
2.3.4.1-3, which was uploaded to unstable today, fixes two cases of
buffer overflows (collectively known as CVE-2019-7524). Please allow it
to migrate to testing as soon as possible. Full source debdiff against
testing attached.
Thanks,
Apollon
unblock dovecot/2.3.4.1-3
diff -Nru dovecot-2.3.4.1/debian/changelog dovecot-2.3.4.1/debian/changelog
--- dovecot-2.3.4.1/debian/changelog 2019-03-14 11:02:39.000000000 +0200
+++ dovecot-2.3.4.1/debian/changelog 2019-03-25 23:06:01.000000000 +0200
@@ -1,3 +1,10 @@
+dovecot (1:2.3.4.1-3) unstable; urgency=high
+
+ * [07c9212] Fix two buffer overflows when reading oversized FTS headers
+ and/or oversized POP3-UIDL headers (CVE-2019-7524).
+
+ -- Apollon Oikonomopoulos <[email protected]> Mon, 25 Mar 2019 23:06:01
+0200
+
dovecot (1:2.3.4.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
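Review bot: the entry cites only the packaging commit `[07c9212]`; since the change backports two upstream commits, adding their ids (`ad1350ff` and `89e05f17`, as named in the patch header) or a link to the CVE would let a reader of the changelog trace the fix without opening debian/patches.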
diff -Nru dovecot-2.3.4.1/debian/patches/CVE-2019-7524
dovecot-2.3.4.1/debian/patches/CVE-2019-7524
--- dovecot-2.3.4.1/debian/patches/CVE-2019-7524 1970-01-01
02:00:00.000000000 +0200
+++ dovecot-2.3.4.1/debian/patches/CVE-2019-7524 2019-03-25
23:06:01.000000000 +0200
@@ -0,0 +1,59 @@
+From 2d31f0e08a80217c039be4aaae8de25bed0251f4 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <[email protected]>
+Date: Mon, 25 Mar 2019 23:04:44 +0200
+Subject: [PATCH] Fix CVE-2019-7524
+
+commit ad1350ff036965c33f0aae20432ec73ca84f7819
+Author: Timo Sirainen <[email protected]>
+Date: Mon Feb 4 19:25:13 2019 -0800
+
+ fts: Fix buffer overflow when reading oversized fts header
+
+commit 89e05f17de80e19078544ef887d83d160491214e
+Author: Timo Sirainen <[email protected]>
+Date: Mon Feb 4 19:23:02 2019 -0800
+
+ lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl
header
+---
+ src/lib-storage/index/index-pop3-uidl.c | 4 ++--
+ src/plugins/fts/fts-api.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib-storage/index/index-pop3-uidl.c
b/src/lib-storage/index/index-pop3-uidl.c
+index 13b7363ef..e537e9ff5 100644
+--- a/src/lib-storage/index/index-pop3-uidl.c
++++ b/src/lib-storage/index/index-pop3-uidl.c
+@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
+ /* this header isn't set yet */
+ return TRUE;
+ }
+- memcpy(&uidl, data, size);
++ memcpy(&uidl, data, sizeof(uidl));
+ return mail->uid <= uidl.max_uid_with_pop3_uidl;
+ }
+
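Review bot: the guard that precedes the new `memcpy(&uidl, data, sizeof(uidl))` is outside the hunk; the only visible context is the `/* this header isn't set yet */ return TRUE;` branch. If that branch is taken only for an empty header (size == 0), a record with 0 < size < sizeof(uidl) now makes the copy read past the end of `data`, the mirror image of the overflow being fixed. The second hunk in this file gates its copy with `if (size >= sizeof(uidl))`; the same condition here, returning TRUE as for an unset header when it fails, would make both sites consistent.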
+@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct
mailbox_transaction_context *tr
+
+ /* check if we have already the same header */
+ if (size >= sizeof(uidl)) {
+- memcpy(&uidl, data, size);
++ memcpy(&uidl, data, sizeof(uidl));
+ if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
+ return;
+ }
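Review bot: with `if (size >= sizeof(uidl))` guarding the copy, the new `sizeof(uidl)` bound is correct, but a record larger than the struct, the case the CVE is about, is now accepted silently and its trailing bytes ignored. If that is meant as tolerance for a header written by a newer build with a longer struct, a comment saying so would help; if not, treating `size != sizeof(uidl)` like the "no header yet" case, so the function continues past the early return and rewrites the header, is the stricter choice.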
+diff --git a/src/plugins/fts/fts-api.c b/src/plugins/fts/fts-api.c
+index 5a5b2a919..4f8a1c125 100644
+--- a/src/plugins/fts/fts-api.c
++++ b/src/plugins/fts/fts-api.c
+@@ -425,7 +425,7 @@ bool fts_index_get_header(struct mailbox *box, struct
fts_index_header *hdr_r)
+ i_zero(hdr_r);
+ ret = FALSE;
+ } else {
+- memcpy(hdr_r, data, data_size);
++ memcpy(hdr_r, data, sizeof(*hdr_r));
+ ret = TRUE;
+ }
+ mail_index_view_close(&view);
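Review bot: the `else` branch now copies `sizeof(*hdr_r)` bytes, which is only safe if the `if` condition selecting it (not in the hunk) rejects `data_size < sizeof(*hdr_r)`; the `i_zero(hdr_r); ret = FALSE;` branch suggests it does, but the patch does not show it. An `i_assert(data_size >= sizeof(*hdr_r));` ahead of the memcpy would state the invariant in code, and, as with the POP3-UIDL change, a record with `data_size > sizeof(*hdr_r)` is now read silently; a warning there would preserve the signal that the index header is not what this build expects.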
+--
+2.20.1
+
diff -Nru dovecot-2.3.4.1/debian/patches/series
dovecot-2.3.4.1/debian/patches/series
--- dovecot-2.3.4.1/debian/patches/series 2019-03-14 11:02:39.000000000
+0200
+++ dovecot-2.3.4.1/debian/patches/series 2019-03-25 23:06:01.000000000
+0200
@@ -9,4 +9,5 @@
ssl-dh-params-location.patch
lib-master-test-event-stats-Use-PRIu64-format.patch
avoid-double-closing-mysql.patch
+CVE-2019-7524
debian-changes
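Review bot: `CVE-2019-7524` is the only entry without the `.patch` suffix the rest of the series uses (`avoid-double-closing-mysql.patch`, `lib-master-test-event-stats-Use-PRIu64-format.patch`); naming it `CVE-2019-7524.patch` keeps the directory consistent. The patch itself is in git format-patch form, which DEP-3 accepts, but a `Bug:`/`Origin:` header pointing at the two upstream commits it combines would record the provenance where packaging tooling reads it.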
--- End Message ---
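The two upstream commits in the patch above bound each memcpy by the destination struct instead of by the length of the stored record. As an added illustration (this is not Dovecot code and is not part of the bug report; the `struct hdr` layout, the status values and the sample records are hypothetical), the snippet below shows that pattern in isolation, with the unbounded shape kept beside the hardened one and with the short record handled as well as the oversized one, which the patch does not show:

```c
/* Added illustration, not Dovecot code: the struct, the status values and
 * the sample records below are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size header stored in a variable-length index record,
 * standing in for the pop3-uidl and fts extension headers in the patch. */
struct hdr {
    uint32_t version;
    uint32_t max_uid;
};

enum hdr_status {
    HDR_OK = 0,         /* record is exactly sizeof(struct hdr) */
    HDR_UNSET = 1,      /* empty record: header never written */
    HDR_TRUNCATED = 2,  /* record shorter than the struct: nothing copied */
    HDR_OVERSIZED = 3   /* record longer than the struct: prefix copied */
};

/* The shape the two upstream commits remove: the copy is bounded by the
 * record length, so a record longer than `*out` writes past it. Kept for
 * comparison only; nothing below calls it. */
static inline void read_hdr_unbounded(struct hdr *out, const void *data,
                                      size_t size)
{
    memcpy(out, data, size);  /* BUG: `size` comes from the record */
}

/* The hardened shape: bound the copy by the destination, and refuse a record
 * too short to hold it (copying sizeof(*out) from a shorter record would be
 * an over-read, the mirror image of the overflow). */
enum hdr_status read_hdr(struct hdr *out, const void *data, size_t size)
{
    memset(out, 0, sizeof(*out));
    if (size == 0)
        return HDR_UNSET;
    if (size < sizeof(*out))
        return HDR_TRUNCATED;
    memcpy(out, data, sizeof(*out));
    return size == sizeof(*out) ? HDR_OK : HDR_OVERSIZED;
}

/* Constructed record (not real index data): a valid header followed by
 * `trailing` junk bytes, the way an oversized on-disk record would look.
 * Returns the record length, 0 if it would not fit in `buf`. */
static size_t make_record(unsigned char *buf, size_t buflen, size_t trailing)
{
    struct hdr h = { .version = 1, .max_uid = 1234 };
    if (sizeof(h) + trailing > buflen)
        return 0;
    memcpy(buf, &h, sizeof(h));
    memset(buf + sizeof(h), 0xEE, trailing);
    return sizeof(h) + trailing;
}

/* Status for a record carrying `trailing` extra bytes (0 = well formed). */
enum hdr_status check_record(size_t trailing)
{
    unsigned char buf[64];
    struct hdr out;
    return read_hdr(&out, buf, make_record(buf, sizeof(buf), trailing));
}

/* max_uid recovered from the same record; 0 when the read was refused,
 * because read_hdr zeroes the destination before deciding. */
uint32_t read_max_uid(size_t trailing)
{
    unsigned char buf[64];
    struct hdr out;
    read_hdr(&out, buf, make_record(buf, sizeof(buf), trailing));
    return out.max_uid;
}

/* Status for a record of `len` bytes; lengths below sizeof(struct hdr) are
 * the truncated case the hunks leave to the surrounding code. */
enum hdr_status check_short(size_t len)
{
    unsigned char buf[sizeof(struct hdr)] = { 0 };
    struct hdr out;
    return read_hdr(&out, buf, len);
}

int main(void)
{
    printf("exact=%d oversized=%d short=%d empty=%d max_uid=%u\n",
           check_record(0), check_record(24), check_short(5), check_short(0),
           (unsigned)read_max_uid(24));
    return 0;
}
```

The point of returning a status rather than a bool is that the oversized record, which is the trigger for the original bug, stays visible to the caller instead of being read as if it were well formed; whether to warn, rewrite the header or tolerate it is then a policy decision made at the call site.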
--- Begin Message ---
Unblocked.
--- End Message ---