** Description changed:
- Scheduled-For: 23.01
Upstream: tbd
- Debian: 1:2.3.16+dfsg1-3
+ Debian: 1:2.3.16+dfsg1-3
Ubuntu: 1:2.3.13+dfsg1-1ubuntu3
-
Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.
-
### New Debian Changes ###
dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium
- * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
- architectures requires -funwind-tables, as with 32-bit arm.
+ * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
+ architectures requires -funwind-tables, as with 32-bit arm.
- -- Noah Meyerhans <[email protected]> Thu, 16 Sep 2021 08:41:27 -0700
+ -- Noah Meyerhans <[email protected]> Thu, 16 Sep 2021 08:41:27 -0700
dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium
- [ Christian Göttsche ]
- * [e1e9ece] d/patches: rework backtrace test patch
- * [be404bf] d/patches: add big-endian patch
+ [ Christian Göttsche ]
+ * [e1e9ece] d/patches: rework backtrace test patch
+ * [be404bf] d/patches: add big-endian patch
- -- Noah Meyerhans <[email protected]> Fri, 10 Sep 2021 16:10:50 -0700
+ -- Noah Meyerhans <[email protected]> Fri, 10 Sep 2021 16:10:50 -0700
dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium
- [ Christian Göttsche ]
- * [ff4a227] New upstream version 2.3.14+dfsg1
- * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510)
- * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
- * [9ffb0f5] d/patches: update
- * [850e1d6] New upstream version 2.3.16+dfsg1
- * [7140b87] d/patches: rebase patches
- * [fb1b77e] d/rules: enable LTO
- * [ce7055d] d/control: add libsystemd-dev dependency
- * [db93263] d/copyright: drop unused section
- * [aeec1e8] d/rules: update how to set systemdsystemunitdir
- * [ebe9709] d/patches: resolve compiler warnings
- * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
- * [58a4078] d/patches: update 32bit warnings patch
+ [ Christian Göttsche ]
+ * [ff4a227] New upstream version 2.3.14+dfsg1
+ * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510)
+ * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
+ * [9ffb0f5] d/patches: update
+ * [850e1d6] New upstream version 2.3.16+dfsg1
+ * [7140b87] d/patches: rebase patches
+ * [fb1b77e] d/rules: enable LTO
+ * [ce7055d] d/control: add libsystemd-dev dependency
+ * [db93263] d/copyright: drop unused section
+ * [aeec1e8] d/rules: update how to set systemdsystemunitdir
+ * [ebe9709] d/patches: resolve compiler warnings
+ * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
+ * [58a4078] d/patches: update 32bit warnings patch
- [ Noah Meyerhans ]
- * [f217c2e] Fix indexer crash
- * [b075317] Import upstream patch for indexer crash on client disconnect
- * [36e8740] drop debian/dovecot-core.maintscript
+ [ Noah Meyerhans ]
+ * [f217c2e] Fix indexer crash
+ * [b075317] Import upstream patch for indexer crash on client disconnect
+ * [36e8740] drop debian/dovecot-core.maintscript
- -- Noah Meyerhans <[email protected]> Thu, 02 Sep 2021 13:22:16 -0700
+ -- Noah Meyerhans <[email protected]> Thu, 02 Sep 2021 13:22:16 -0700
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
- * Import upstream fixes for security issues (Closes: #990566):
- - CVE-2021-29157: Path traversal issue allowing an attacker with
- access to the local filesystem can trick OAuth2 authentication into
- using an HS256 validation key from an attacker-controlled location
- - CVE-2021-33515: Sensitive information could be redirected to an
- attacker-controlled address because of a STARTTLS command injection
- bug in the submission service
+ * Import upstream fixes for security issues (Closes: #990566):
+ - CVE-2021-29157: Path traversal issue allowing an attacker with
+ access to the local filesystem can trick OAuth2 authentication into
+ using an HS256 validation key from an attacker-controlled location
+ - CVE-2021-33515: Sensitive information could be redirected to an
+ attacker-controlled address because of a STARTTLS command injection
+ bug in the submission service
- -- Noah Meyerhans <[email protected]> Tue, 20 Jul 2021 08:05:19 -0700
+ -- Noah Meyerhans <[email protected]> Tue, 20 Jul 2021 08:05:19 -0700
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
- [ Christian Göttsche ]
- * [6829237] New upstream version 2.3.13 (Closes: #979363)
- - CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- - CVE-2020-25275: MIME parsing crashes with particular messages
+ [ Christian Göttsche ]
+ * [6829237] New upstream version 2.3.13 (Closes: #979363)
+ - CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
+ - CVE-2020-25275: MIME parsing crashes with particular messages
- * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
- * [5956798] Rebase patches
- * [2cb63c3] Bump to standards version 4.5.1 (no further changes)
- * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
- * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
- false-positives
- * [dde9c94] Handle removed configuration file in postinst
+ * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
+ * [5956798] Rebase patches
+ * [2cb63c3] Bump to standards version 4.5.1 (no further changes)
+ * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
+ * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
+ false-positives
+ * [dde9c94] Handle removed configuration file in postinst
- [ Pino Toscano ]
- * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
- (Closes: #951869)
+ [ Pino Toscano ]
+ * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
+ (Closes: #951869)
- [ Helmut Grohne ]
- * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
+ [ Helmut Grohne ]
+ * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
- -- Noah Meyerhans <[email protected]> Mon, 25 Jan 2021 15:38:17 -0800
+ -- Noah Meyerhans <[email protected]> Mon, 25 Jan 2021 15:38:17 -0800
dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium
- [ Christian Göttsche ]
- * [44770f6] Add patch for 32bit compiler warnings
- * [053865a] Lintian: remove unused override
- * [4ece2e1] Lintian: add forwarded header to Debian specific patches
- * [67872b7] Lintian: ignore Debian only man page
- * [d30bd7e] Lintian: tag manpage-without-executable got renamed to
- spare-manual-page
- * [3bdf952] Limit libcap-dev build-dependency to linux-any
- * [28f6425] Drop acute accent in man page
- * [8c15850] Add patch allowing GSSAPI containing NULL
+ [ Christian Göttsche ]
+ * [44770f6] Add patch for 32bit compiler warnings
+ * [053865a] Lintian: remove unused override
+ * [4ece2e1] Lintian: add forwarded header to Debian specific patches
+ * [67872b7] Lintian: ignore Debian only man page
+ * [d30bd7e] Lintian: tag manpage-without-executable got renamed to
+ spare-manual-page
+ * [3bdf952] Limit libcap-dev build-dependency to linux-any
+ * [28f6425] Drop acute accent in man page
+ * [8c15850] Add patch allowing GSSAPI containing NULL
- -- Noah Meyerhans <[email protected]> Wed, 19 Aug 2020 12:06:07 -0700
+ -- Noah Meyerhans <[email protected]> Wed, 19 Aug 2020 12:06:07 -0700
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high
- * New upstream release fixes security issues (Closes: #968302)
- - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
- resource exhaustion as Dovecot attempts to parse it.
- - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
- message buffer size, which leads to reading past allocation which can
- lead to crash.
- - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
- zero-length message, which leads to assert-crash later on.
-
+ * New upstream release fixes security issues (Closes: #968302)
+ - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
+ resource exhaustion as Dovecot attempts to parse it.
+ - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
+ message buffer size, which leads to reading past allocation which can
+ lead to crash.
+ - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
+ zero-length message, which leads to assert-crash later on.
### Old Ubuntu Delta ###
dovecot (1:2.3.13+dfsg1-1ubuntu3) impish; urgency=medium
- * No-change rebuild due to OpenLDAP soname bump.
+ * No-change rebuild due to OpenLDAP soname bump.
- -- Sergio Durigan Junior <[email protected]> Mon, 21 Jun
+ -- Sergio Durigan Junior <[email protected]> Mon, 21 Jun
2021 17:46:46 -0400
dovecot (1:2.3.13+dfsg1-1ubuntu2) impish; urgency=medium
- * SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
- - debian/patches/CVE-2021-29157.patch: improve escaping in
- src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
- src/lib-oauth2/test-oauth2-jwt.c.
- - CVE-2021-29157
- * SECURITY UPDATE: plaintext command injection before STARTTLS
- - debian/patches/CVE-2021-33515.patch: properly handle command queue in
- src/lib-smtp/smtp-server-cmd-starttls.c,
- src/lib-smtp/smtp-server-connection.c.
- - CVE-2021-33515
+ * SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ - debian/patches/CVE-2021-29157.patch: improve escaping in
+ src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
+ src/lib-oauth2/test-oauth2-jwt.c.
+ - CVE-2021-29157
+ * SECURITY UPDATE: plaintext command injection before STARTTLS
+ - debian/patches/CVE-2021-33515.patch: properly handle command queue in
+ src/lib-smtp/smtp-server-cmd-starttls.c,
+ src/lib-smtp/smtp-server-connection.c.
+ - CVE-2021-33515
- -- Marc Deslauriers <[email protected]> Wed, 16 Jun 2021
+ -- Marc Deslauriers <[email protected]> Wed, 16 Jun 2021
09:02:15 -0400
dovecot (1:2.3.13+dfsg1-1ubuntu1) hirsute; urgency=medium
- * Package references hidden symbols during an LTO link. This needs further
- investigation. Until then, disable LTO.
+ * Package references hidden symbols during an LTO link. This needs further
+ investigation. Until then, disable LTO.
- -- Matthias Klose <[email protected]> Tue, 30 Mar 2021 17:23:55 +0200
+ -- Matthias Klose <[email protected]> Tue, 30 Mar 2021 17:23:55 +0200
dovecot (1:2.3.13+dfsg1-1build1) hirsute; urgency=high
- * No change rebuild against clucene-core
+ * No change rebuild against clucene-core
- -- Balint Reczey <[email protected]> Thu, 18 Feb 2021 18:19:47 +0100
+ -- Balint Reczey <[email protected]> Thu, 18 Feb 2021 18:19:47 +0100
** Changed in: dovecot (Ubuntu)
Milestone: None => ubuntu-22.01
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1946855
Title:
Merge dovecot from Debian unstable for 22.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1946855/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
