ubuntu/+source/dovecot:ubuntu/eoan-proposed

Last commit made on 2020-07-15
Get this branch:
git clone -b ubuntu/eoan-proposed https://git.launchpad.net/ubuntu/+source/dovecot

Branch information

Name:
ubuntu/eoan-proposed
Repository:
lp:ubuntu/+source/dovecot

Recent commits

a9c2a62... by Bryce Harrington

changelog

0d1be14... by Bryce Harrington

  * SECURITY UPDATE: The IMAP protocol parser does not properly handle
    the NUL byte when scanning data in quoted strings, leading to out of
    bounds heap memory writes.
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c.
    - CVE-2019-11500

9a3dd40... by Robie Basak

1:2.3.4.1-5ubuntu2 (patches unapplied)

Imported using git-ubuntu import.

84a4486... by Bryce Harrington

update-maintainer

9c4a99f... by Bryce Harrington

reconstruct-changelog

af06e26... by Bryce Harrington

merge-changelogs

25f0e9b... by Bryce Harrington

    - SECURITY UPDATE: submission-login denial of service issues
      + debian/patches/CVE-2019-1149x-1.patch: remove unused
        client->pending_starttls in src/submission-login/client.h.
      + debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
        client disconnects during authentication in
        src/submission-login/client-authenticate.c,
        src/submission-login/client.c.
      + debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
        handling so that it stops reading more input in
        src/lib-smtp/smtp-server-cmd-auth.c.
      + CVE-2019-11494
      + CVE-2019-11499
      [Fixed in 1:2.3.4.1-5]

69ff1bb... by Bryce Harrington

    - SECURITY UPDATE: JSON encoder assert DoS
      + debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
        bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
      + CVE-2019-10691
      [Fixed in 1:2.3.4.1-4]

c955cc1... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
      + debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
        reading oversized hdr-pop3-uidl header in
        src/lib-storage/index/index-pop3-uidl.c.
      + debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
        reading oversized fts header in src/plugins/fts/fts-api.c.
      + CVE-2019-7524
      [Fixed in 1:2.3.4.1-3]

381b9bc... by Christian Ehrhardt 

    - carry mail-stack-delivery as empty transitional package