[ubuntu/disco-security] dovecot 1:2.3.4.1-1ubuntu2.3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Aug 28 12:35:25 UTC 2019
dovecot (1:2.3.4.1-1ubuntu2.3) disco-security; urgency=medium
* SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
heap memory writes
- debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
NULs in src/lib-imap/imap-parser.c and
pigeonhole/src/lib-managesieve/managesieve-parser.c,
make sure str_unescape won't be writing past allocated memory
in src/lib-imap/imap-parser.c and
pieonhole/src/lig-managesieve/managesieve-parser.c.
- CVE-2019-11500
Date: 2019-08-14 19:04:29.615285+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list