ubuntu/+source/dovecot:ubuntu/xenial-security

Last commit made on 2019-08-28
Get this branch:
git clone -b ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/dovecot
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/xenial-security
Repository:
lp:ubuntu/+source/dovecot

Recent commits

1746bc4... by Leonidas S. Barbosa on 2019-08-28

Import patches-unapplied version 1:2.2.22-1ubuntu2.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a4c2e8ed8566a8037f80eb7396b2288d6a66ba90

New changelog entries:
  * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check

a4c2e8e... by Leonidas S. Barbosa on 2019-08-14

Import patches-unapplied version 1:2.2.22-1ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 7a14393b6980f0f94d0780c73142f779c2b7cb51

New changelog entries:
  * SECURITY UPDATE: IMAP does not properly handle NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c.
    - CVE-2019-11500

7a14393... by Marc Deslauriers on 2019-03-29

Import patches-unapplied version 1:2.2.22-1ubuntu2.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: fd0f88bbac0393ac24baa6abc15c782048ddded8

New changelog entries:
  * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
    - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
      reading oversized fts header in src/plugins/fts/fts-api.c.
    - CVE-2019-7524

fd0f88b... by Marc Deslauriers on 2019-01-28

Import patches-unapplied version 1:2.2.22-1ubuntu2.9 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ca4a60b2150ba65dd5f06a24f0027c894a923543

New changelog entries:
  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

ca4a60b... by Mathieu Trudel-Lapierre on 2018-07-11

Import patches-unapplied version 1:2.2.22-1ubuntu2.8 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 07da6653802170b378a785b516d537f5cac30bb0

New changelog entries:
  * debian/*.triggers: change triggers to -noawait variety: there is no need
    for awaited triggers for the restarting of dovecot. (LP: #1780996)

07da665... by Marc Deslauriers on 2018-02-27

Import patches-unapplied version 1:2.2.22-1ubuntu2.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 68708f0f3a1fd4ac3fb88c675c67781501079bb4

New changelog entries:
  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

68708f0... by Leonidas S. Barbosa on 2018-01-31

Import patches-unapplied version 1:2.2.22-1ubuntu2.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ac04565af1993e0480cb2093801d6d51dc8bdbea

New changelog entries:
  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-server-connection.h.
    - CVE-2017-15132

ac04565... by Tyler Hicks on 2017-04-11

Import patches-unapplied version 1:2.2.22-1ubuntu2.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b1383a409d6ec2dc98f2b5a95a30358b3578b074

New changelog entries:
  * REGRESSION UPDATE: Revert CVE-2017-2669 fix as this version of dovecot is
    not affected by the security flaw and the change caused a regression in
    passdb and userdb dictionary authentication backends
    debian/patches/CVE-2017-2669.patch: Remove the patch

b1383a4... by Marc Deslauriers on 2017-04-07

Import patches-unapplied version 1:2.2.22-1ubuntu2.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a0a60f42482e0d6f9bb37e37d47566ab0f35d130

New changelog entries:
  * SECURITY UPDATE: DoS via crafted username
    - debian/patches/CVE-2017-2669.patch: do not double-expand key in
      passdb dict when authenticating in src/auth/db-dict.c.
    - CVE-2017-2669

a0a60f4... by Christian Ehrhardt on 2016-11-09

Import patches-unapplied version 1:2.2.22-1ubuntu2.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9ac0214960e267f693ec11723c9ddef42e1d49c0

New changelog entries:
  * d/p/fix-sieve-pigeonhole-crash-on-huge-mails.patch: Fix sieve-pigeonhole
    crash when filtering too much data (LP: #1633220)