lp:ubuntu/edgy-security/dovecot
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/dovecot
Branch merges
Branch information
Recent revisions
- 19. By Kees Cook
-
* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group- fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid- password- fixes.dpatch: proactive upstream fixes
to avoid future issues in underlying passdb (CVE-2008-1218).
* References
http://dovecot. org/list/ dovecot- news/2008- March/000060. html
http://dovecot. org/list/ dovecot- news/2008- March/000064. html - 18. By Kees Cook
-
* SECURITY UPDATE: path traversal in shared spool configurations.
* Add debian/patches/ compressed- folders. dpatch: upstream fix.
* References
CVE-2007-2231 - 17. By Kees Cook
-
* SECURITY UPDATE: denial of service possible when using mmap_disable=yes
which is not the default setting.
* Add debian/patches/ security- off-by- one.dpatch taken from upstream
notification.
* References
http://dovecot. org/list/ dovecot- news/2006- November/ 000023. html
CVE-2006-5973 - 16. By Scott James Remnant (Canonical)
-
* Remove stop script symlinks from rc0 and rc6.
* Remove dependency on linux-kernel-headers. - 13. By Martin Pitt
-
* Merge from debian unstable, resolved minor conflicts.
* debian/control: Removed unnecessary build dependency ssl-cert, add it as
dovecot-common dependency.
* Remove debian/patches/ prohibit_ .._mbox_ mask.dpatch, upstream now. - 12. By Martin Pitt
-
* debian/
dovecot- common. postinst:
- Do not chmod/chown an already existing SSL certificate. This will leave
permissions of the snakeoil SSL key intact. Closes: LP#45207 - 11. By Martin Pitt
-
* Add debian/
patches/ prohibit_ .._mbox_ mask.dpatch:
- Fix information disclosure due to path traversal: Do not allow '.' and
'..' as valid list masks.
- This regression was introduced in some 1.0beta version, so 0.99.x are
not affected.
- Patch taken from upstream:
http://dovecot. org/list/ dovecot- cvs/2006- May/005563. html
- Closes: LP#44364
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/dovecot