dovecot (1:2.0.19-0ubuntu2.8) precise-security; urgency=medium

  * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check

dovecot (1:2.0.19-0ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: IMAP does not properly handle NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c.
    - CVE-2019-11500

dovecot (1:2.0.19-0ubuntu2.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

dovecot (1:2.0.19-0ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

dovecot (1:2.0.19-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: passdb exploitable through checkpassword
    - debian/patches/CVE-2013-6171.patch: refuse to run checkpassword
      script insecurely by default in src/auth/checkpassword-reply.c,
      src/auth/db-checkpassword.c.
    - CVE-2013-6171
  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-server-connection.h.
    - CVE-2017-15132

dovecot (1:2.0.19-0ubuntu2.2) precise; urgency=medium

  * Backport support for the ssl_protocols setting to easily allow
    disabling SSLv3. (LP: #1381537)
    - debian/patches/backport_ssl_protocols.patch: added new setting to
      src/login-common/login-settings.c, src/login-common/login-settings.h,
      src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.
Date: 2019-08-28 17:13:27.534455+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.8