This bug was fixed in the package dovecot - 1:2.3.16+dfsg1-3ubuntu1 --------------- dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium
[ Bryce Harrington ] * Merge with Debian unstable. (LP: #1946855) Remaining changes: - Package references hidden symbols during an LTO link. This needs further investigation. Until then, disable LTO. * Dropped: - SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens + debian/patches/CVE-2021-29157.patch: improve escaping in src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c, src/lib-oauth2/test-oauth2-jwt.c. [Included in Debian 1:2.3.13+dfsg1-2] - SECURITY UPDATE: plaintext command injection before STARTTLS + debian/patches/CVE-2021-33515.patch: properly handle command queue in src/lib-smtp/smtp-server-cmd-starttls.c, src/lib-smtp/smtp-server-connection.c. [Included in Debian 1:2.3.13+dfsg1-2] * d/rules: Disable Debian's recent enablement of LTO as well, as it FTBFS when building with gcc 11. (LP: #1951325) [ Simon Chopin ] * d/p/OpenSSL3.patch: Workaround to fix EC key handling when building with OpenSSL 3.0. (LP: #1945763) -- Bryce Harrington <br...@canonical.com> Wed, 17 Nov 2021 13:46:08 -0800 ** Changed in: dovecot (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29157 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33515 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1945763 Title: dovecot: Fail to build against OpenSSL 3.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1945763/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs