ubuntu/+source/dovecot:ubuntu/disco-security

Last commit made on 2019-08-28
Get this branch:
git clone -b ubuntu/disco-security https://git.launchpad.net/ubuntu/+source/dovecot
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/disco-security
Repository:
lp:ubuntu/+source/dovecot

Recent commits

4ab225b... by Leonidas S. Barbosa on 2019-08-28

Import patches-unapplied version 1:2.3.4.1-1ubuntu2.4 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 567e06af1b31f176d31233f4d56389ad39784767

New changelog entries:
  * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check

567e06a... by Leonidas S. Barbosa on 2019-08-14

Import patches-unapplied version 1:2.3.4.1-1ubuntu2.3 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: ddc7b334b197597f2d574a0d7aab972810cede65

New changelog entries:
  * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pieonhole/src/lig-managesieve/managesieve-parser.c.
    - CVE-2019-11500

ddc7b33... by Marc Deslauriers on 2019-04-29

Import patches-unapplied version 1:2.3.4.1-1ubuntu2.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: d75708f02f15b6061bedf817ae8f3600786f84ae

New changelog entries:
  * SECURITY UPDATE: submission-login denial of service issues
    - debian/patches/CVE-2019-1149x-1.patch: remove unused
      client->pending_starttls in src/submission-login/client.h.
    - debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
      client disconnects during authentication in
      src/submission-login/client-authenticate.c,
      src/submission-login/client.c.
    - debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
      handling so that it stops reading more input in
      src/lib-smtp/smtp-server-cmd-auth.c.
    - CVE-2019-11494
    - CVE-2019-11499

d75708f... by Marc Deslauriers on 2019-04-16

Import patches-unapplied version 1:2.3.4.1-1ubuntu2.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 4fddf93c7fcd7d940e5d2a3da08d0962b0bb9af1

New changelog entries:
  * SECURITY UPDATE: JSON encoder assert DoS
    - debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
      bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
    - CVE-2019-10691

4fddf93... by Marc Deslauriers on 2019-04-01

Import patches-unapplied version 1:2.3.4.1-1ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 0d685a40dcaa1dc83be53074e1a0075395a34ae8

New changelog entries:
  * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
    - debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
      reading oversized hdr-pop3-uidl header in
      src/lib-storage/index/index-pop3-uidl.c.
    - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
      reading oversized fts header in src/plugins/fts/fts-api.c.
    - CVE-2019-7524

0d685a4... by Karl Stenerud on 2019-02-07

Import patches-unapplied version 1:2.3.4.1-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Upload parent: b04c05307f503b86af12bd02335ce200147271ff

b04c053... by Karl Stenerud on 2019-02-07

update-maintainer

fd2112f... by Karl Stenerud on 2019-02-07

reconstruct-changelog

65b7eb3... by Karl Stenerud on 2019-02-07

merge-changelogs

b5e2e97... by Christian Ehrhardt  on 2018-05-16

carry mail-stack-delivery as empty transitional package

Signed-off-by: Christian Ehrhardt <email address hidden>