Ubuntu
dovecot package

lp:ubuntu/dapper-updates/dovecot

Dapper (6.06)
dapper-updates

Created by James Westby on 2009-12-05 and last modified on 2009-12-05

Get this branch:: bzr branch lp:ubuntu/dapper-updates/dovecot

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

17. By Kees Cook on 2008-03-24: * SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html
16. By Kees Cook on 2007-07-17: * SECURITY UPDATE: path traversal in shared spool configurations.
* Add debian/patches/compressed-folders.dpatch: upstream fix.
* References
CVE-2007-2231
15. By Kees Cook on 2006-11-22: * SECURITY UPDATE: denial of service possible when using mmap_disable=yes
  which is not the default setting.
* Add debian/patches/security-off-by-one.dpatch taken from upstream
  notification.
* References
  http://dovecot.org/list/dovecot-news/2006-November/000023.html
  CVE-2006-5973
14. By Martin Pitt on 2006-06-13: debian/patches/sql_escape.dpatch: Supply the correct mysql connection
argument to mysql_real_escape_string(). Closes: LP#49601.
13. By Martin Pitt on 2006-06-02: * SECURITY UPDATE: SQL injection with certain client character encodings.
* Add debian/patches/sql_escape.dpatch:
  - Use database client library's SQL escaping methods to avoid wrongly
    escaped quotes.
  - Patch taken from upstream CVS:
    http://dovecot.org/list/dovecot-cvs/2006-May/005621.html
    http://dovecot.org/list/dovecot-cvs/2006-May/005623.html
* CVE-2006-2314
12. By Martin Pitt on 2006-05-17: * debian/dovecot-common.postinst:
- Do not chmod/chown an already existing SSL certificate. This will leave
permissions of the snakeoil SSL key intact. Closes: LP#45207
11. By Martin Pitt on 2006-05-12: * Add debian/patches/prohibit_.._mbox_mask.dpatch:
  - Fix information disclosure due to path traversal: Do not allow '.' and
    '..' as valid list masks.
  - This regression was introduced in some 1.0beta version, so 0.99.x are
    not affected.
  - Patch taken from upstream:
    http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
  - Closes: LP#44364
10. By Scott James Remnant (Canonical) on 2006-04-11: Create /var/run/dovecot on boot.
9. By Adam Conrad on 2006-04-06: Rebuild against the new libmysqlclient15off with correct symbols.
8. By Martin Pitt on 2006-04-04: * Synchronize to Debian, UVF exception approved by mdz. Closes: LP#30314
* Removed auth_crashfix.dpatch, login-crashfixes.dpatch: Fixed upstream.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/lucid/dovecot

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntudovecot package