lp:ubuntu/edgy-security/dovecot

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-security/dovecot
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

19. By Kees Cook

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

18. By Kees Cook

* SECURITY UPDATE: path traversal in shared spool configurations.
* Add debian/patches/compressed-folders.dpatch: upstream fix.
* References
  CVE-2007-2231

17. By Kees Cook

* SECURITY UPDATE: denial of service possible when using mmap_disable=yes
  which is not the default setting.
* Add debian/patches/security-off-by-one.dpatch taken from upstream
  notification.
* References
  http://dovecot.org/list/dovecot-news/2006-November/000023.html
  CVE-2006-5973

16. By Scott James Remnant (Canonical)

* Remove stop script symlinks from rc0 and rc6.
* Remove dependency on linux-kernel-headers.

15. By Martin Pitt

Merge from debian unstable.

14. By Martin Pitt

Merge from debian unstable.

13. By Martin Pitt

* Merge from debian unstable, resolved minor conflicts.
* debian/control: Removed unnecessary build dependency ssl-cert, add it as
  dovecot-common dependency.
* Remove debian/patches/prohibit_.._mbox_mask.dpatch, upstream now.

12. By Martin Pitt

* debian/dovecot-common.postinst:
  - Do not chmod/chown an already existing SSL certificate. This will leave
    permissions of the snakeoil SSL key intact. Closes: LP#45207

11. By Martin Pitt

* Add debian/patches/prohibit_.._mbox_mask.dpatch:
  - Fix information disclosure due to path traversal: Do not allow '.' and
    '..' as valid list masks.
  - This regression was introduced in some 1.0beta version, so 0.99.x are
    not affected.
  - Patch taken from upstream:
    http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
  - Closes: LP#44364

10. By Scott James Remnant (Canonical)

Create /var/run/dovecot on boot.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/dovecot
This branch contains Public information 
Everyone can see this information.

Subscribers