ubuntu/+source/dovecot:ubuntu/cosmic-security

Last commit made on 2019-04-30
Get this branch:
git clone -b ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/dovecot
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/cosmic-security
Repository:
lp:ubuntu/+source/dovecot

Recent commits

73323d2... by Marc Deslauriers on 2019-04-29

Import patches-unapplied version 1:2.3.2.1-1ubuntu3.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 8ac77d3c61a676b2e7a6aba1048babdeedab8f65

New changelog entries:
  * SECURITY UPDATE: submission-login denial of service issues
    - debian/patches/CVE-2019-1149x-1.patch: remove unused
      client->pending_starttls in src/submission-login/client.h.
    - debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
      client disconnects during authentication in
      src/submission-login/client-authenticate.c,
      src/submission-login/client.c.
    - debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
      handling so that it stops reading more input in
      src/lib-smtp/smtp-server-cmd-auth.c.
    - CVE-2019-11494
    - CVE-2019-11499

8ac77d3... by Marc Deslauriers on 2019-04-16

Import patches-unapplied version 1:2.3.2.1-1ubuntu3.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: ad714242f47d63119235625ed7d5a97b273a8a2b

New changelog entries:
  * SECURITY UPDATE: JSON encoder assert DoS
    - debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
      bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
    - CVE-2019-10691

ad71424... by Marc Deslauriers on 2019-03-29

Import patches-unapplied version 1:2.3.2.1-1ubuntu3.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: bc75d0a13249f14fafde3789e17b612819dd2453

New changelog entries:
  * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
    - debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
      reading oversized hdr-pop3-uidl header in
      src/lib-storage/index/index-pop3-uidl.c.
    - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
      reading oversized fts header in src/plugins/fts/fts-api.c.
    - CVE-2019-7524

bc75d0a... by Marc Deslauriers on 2019-01-28

Import patches-unapplied version 1:2.3.2.1-1ubuntu3.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 187c5291b00a8bdb66987f5395b8fcf6f4eec709

New changelog entries:
  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

187c529... by Dimitri John Ledkov on 2018-09-29

Import patches-unapplied version 1:2.3.2.1-1ubuntu3 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: a11db4a104410225f3583a001941567ca4ad8539

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

a11db4a... by Robie Basak on 2018-09-20

Import patches-unapplied version 1:2.3.2.1-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 2f04799598b195f4cd1b79e24c86b915844e313c

2f04799... by Robie Basak on 2018-09-20

Changelog for 1:2.3.2.1-1ubuntu2

028364e... by Robie Basak on 2018-09-20

  * d/p/fix-glibc-crypt-ftbfs: cherry-pick from upstream to find crypt(3)
    correctly to fix FTBFS (LP: #1793138).

7e16715... by Christian Ehrhardt  on 2018-08-03

Import patches-unapplied version 1:2.3.2.1-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 6314d2da389cd887634986fc4f6d4f6bea1c4979

6314d2d... by Christian Ehrhardt  on 2018-08-06

changelog: push autopkgtests to dropped changes

Signed-off-by: Christian Ehrhardt <email address hidden>