[ubuntu/disco-security] dovecot 1:2.3.4.1-1ubuntu2.3 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Aug 28 12:35:25 UTC 2019


dovecot (1:2.3.4.1-1ubuntu2.3) disco-security; urgency=medium

  * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
    heap memory writes
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pieonhole/src/lig-managesieve/managesieve-parser.c.
    - CVE-2019-11500

Date: 2019-08-14 19:04:29.615285+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Disco-changes mailing list