Bug#888432: marked as done (dovecot: CVE-2017-15132: auth client leaks memory if SASL authentication is aborted)

2018-03-10 Thread Debian Bug Tracking System
Your message dated Sat, 10 Mar 2018 23:17:52 +
with message-id 
and subject line Bug#888432: fixed in dovecot 1:2.2.13-12~deb8u4
has caused the Debian Bug report #888432,
regarding dovecot: CVE-2017-15132: auth client leaks memory if SASL 
authentication is aborted
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888432
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dovecot
Version: 1:2.2.13-1
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for dovecot.

CVE-2017-15132[0]:
auth client leaks memory if SASL authentication is aborted

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132
[1] http://www.openwall.com/lists/oss-security/2018/01/25/4
[2] https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.13-12~deb8u4

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos  (supplier of updated dovecot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Mar 2018 19:12:05 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.13-12~deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Dovecot Maintainers 
Changed-By: Apollon Oikonomopoulos 
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
 dovecot (1:2.2.13-12~deb8u4) jessie-security; urgency=high
 .
   * [eb6eab8] Fix CVE-2017-14461: rfc822_parse_domain information leak
     (Closes: #891819)
   * [df2ccf9] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
     can be used for DoS (Closes: #891820)
     + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
       disable dovecot_name.patch, since it changes dovecot's banner in
       conjunction with dh_autoreconf.
   * [292742f] Fix CVE-2017-15132: memory leak on aborted SASL auth
     (Closes: #888432)
   * [3e2ccd1] Add myself to Uploaders

Bug#888432: marked as done (dovecot: CVE-2017-15132: auth client leaks memory if SASL authentication is aborted)

2018-03-03 Thread Debian Bug Tracking System
Your message dated Sat, 03 Mar 2018 21:02:09 +
with message-id 
and subject line Bug#888432: fixed in dovecot 1:2.2.27-3+deb9u2
has caused the Debian Bug report #888432,
regarding dovecot: CVE-2017-15132: auth client leaks memory if SASL 
authentication is aborted
to be marked as done.

--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.27-3+deb9u2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Mar 2018 15:15:45 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.27-3+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Dovecot Maintainers 
Changed-By: Apollon Oikonomopoulos 
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
 dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high
 .
   * [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak
     vulnerability (Closes: #891819)
   * [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
     can be used for DoS (Closes: #891820)
     + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
       disable dovecot_name.patch, since it changes dovecot's banner in
       conjunction with dh_autoreconf.
   * [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes:
     #888432)

Bug#888432: marked as done (dovecot: CVE-2017-15132: auth client leaks memory if SASL authentication is aborted)

2018-03-01 Thread Debian Bug Tracking System
Your message dated Thu, 01 Mar 2018 09:50:15 +
with message-id 
and subject line Bug#888432: fixed in dovecot 1:2.2.34-1
has caused the Debian Bug report #888432,
regarding dovecot: CVE-2017-15132: auth client leaks memory if SASL 
authentication is aborted
to be marked as done.

--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.34-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Mar 2018 10:55:49 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene
Architecture: source amd64
Version: 1:2.2.34-1
Distribution: unstable
Urgency: medium
Maintainer: Dovecot Maintainers 
Changed-By: Apollon Oikonomopoulos 
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
 dovecot (1:2.2.34-1) unstable; urgency=medium
 .
   * [f53dc9a] New upstream version 2.2.34
     Fixes the following security issues:
     + CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
       usage (Closes: #891820)
     + CVE-2017-14461: rfc822_parse_domain information leak vulnerability
       (Closes: #891819)
     + CVE-2017-15132: auth client leaks memory if SASL authentication is
       aborted (Closes: #888432)
   * [0dc98c6] Do not patch all-settings.c; regenerate it at build time
     instead. Thanks to Aki Tuomi!
   * [e678e3b] Bump dh compat to 11
     + B-D on debhelper (>= 11~)
     + Use dh_installsystemd instead of dh_systemd_enable
   * [271b290] Bump Standards-Version to 4.1.3; no changes needed
   * [3cd6715] d/copyright: bump upstream and debian years
   * [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
     initscript handle it if it exists)
   * [97d6fae] d/watch: switch upstream URL to https://