lp:ubuntu/dapper-updates/dovecot
- Get this branch: bzr branch lp:ubuntu/dapper-updates/dovecot
Recent revisions
- 17. By Kees Cook
  * SECURITY UPDATE: mailboxes of other users could be read via symlinks.
  * Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
  * Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
    to avoid future issues in underlying passdb (CVE-2008-1218).
  * References
    http://dovecot.org/list/dovecot-news/2008-March/000060.html
    http://dovecot.org/list/dovecot-news/2008-March/000064.html
- 16. By Kees Cook
  * SECURITY UPDATE: path traversal in shared spool configurations.
  * Add debian/patches/compressed-folders.dpatch: upstream fix.
  * References
    CVE-2007-2231
- 15. By Kees Cook
  * SECURITY UPDATE: denial of service possible when using mmap_disable=yes
    which is not the default setting.
  * Add debian/patches/security-off-by-one.dpatch taken from upstream
    notification.
  * References
    http://dovecot.org/list/dovecot-news/2006-November/000023.html
    CVE-2006-5973
- 14. By Martin Pitt
  debian/patches/sql_escape.dpatch: Supply the correct mysql connection
  argument to mysql_real_escape_string(). Closes: LP#49601.
- 13. By Martin Pitt
  * SECURITY UPDATE: SQL injection with certain client character encodings.
  * Add debian/patches/sql_escape.dpatch:
    - Use database client library's SQL escaping methods to avoid wrongly
      escaped quotes.
    - Patch taken from upstream CVS:
      http://dovecot.org/list/dovecot-cvs/2006-May/005621.html
      http://dovecot.org/list/dovecot-cvs/2006-May/005623.html
  * CVE-2006-2314
- 12. By Martin Pitt
  * debian/dovecot-common.postinst:
    - Do not chmod/chown an already existing SSL certificate. This will leave
      permissions of the snakeoil SSL key intact. Closes: LP#45207
- 11. By Martin Pitt
  * Add debian/patches/prohibit_.._mbox_mask.dpatch:
    - Fix information disclosure due to path traversal: Do not allow '.' and
      '..' as valid list masks.
    - This regression was introduced in some 1.0beta version, so 0.99.x are
      not affected.
    - Patch taken from upstream:
      http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
    - Closes: LP#44364
- 8. By Martin Pitt
  * Synchronize to Debian, UVF exception approved by mdz. Closes: LP#30314
  * Removed auth_crashfix.dpatch, login-crashfixes.dpatch: Fixed upstream.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/dovecot