~bryce/ubuntu/+source/dovecot:eoan-merge-2.3.4.1-5

Last commit made on 2019-05-03
Get this branch:
git clone -b eoan-merge-2.3.4.1-5 https://git.launchpad.net/~bryce/ubuntu/+source/dovecot

Branch information

Name:
eoan-merge-2.3.4.1-5
Repository:
lp:~bryce/ubuntu/+source/dovecot

Recent commits

a25190f... by Bryce Harrington

update-maintainer

ce1e8b7... by Bryce Harrington

reconstruct-changelog

74eb710... by Bryce Harrington

merge-changelogs

7facf74... by Bryce Harrington

    - SECURITY UPDATE: submission-login denial of service issues
      + debian/patches/CVE-2019-1149x-1.patch: remove unused
        client->pending_starttls in src/submission-login/client.h.
      + debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
        client disconnects during authentication in
        src/submission-login/client-authenticate.c,
        src/submission-login/client.c.
      + debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
        handling so that it stops reading more input in
        src/lib-smtp/smtp-server-cmd-auth.c.
      + CVE-2019-11494
      + CVE-2019-11499
      [Fixed in 1:2.3.4.1-5]

43a85bb... by Bryce Harrington

    - SECURITY UPDATE: JSON encoder assert DoS
      + debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
        bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
      + CVE-2019-10691
      [Fixed in 1:2.3.4.1-4]

3753d0a... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
      + debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
        reading oversized hdr-pop3-uidl header in
        src/lib-storage/index/index-pop3-uidl.c.
      + debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
        reading oversized fts header in src/plugins/fts/fts-api.c.
      + CVE-2019-7524
      [Fixed in 1:2.3.4.1-3]

ba6a380... by Christian Ehrhardt

    - carry mail-stack-delivery as empty transitional package

8aa1881... by Apollon Oikonomopoulos <email address hidden>

Import patches-unapplied version 1:2.3.4.1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cb5160f006e8b4a4097884d5025e4941f36e87bd

New changelog entries:
  * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235)
     - submission-login: fix null pointer dereference when client
       disconnects during authentication (CVE-2019-11494)
     - submission-login: fix assert-crash when receiving an invalid
       authentication message over TLS (CVE-2019-11499)

cb5160f... by Apollon Oikonomopoulos <email address hidden>

Import patches-unapplied version 1:2.3.4.1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 976d8fd4261e64b944332463dbc89d4324a7c465

New changelog entries:
  * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691)

976d8fd... by Apollon Oikonomopoulos <email address hidden>

Import patches-unapplied version 1:2.3.4.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2cf997f8c2357e1fa8061b76f4766bd2b8aaeb24

New changelog entries:
  * [07c9212] Fix two buffer overflows when reading oversized FTS headers
    and/or oversized POP3-UIDL headers (CVE-2019-7524).