[ubuntu/eoan-proposed] dovecot 1:2.3.4.1-5ubuntu3 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Fri Aug 30 16:23:16 UTC 2019


dovecot (1:2.3.4.1-5ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: The IMAP protocol parser does not properly handle
    the NUL byte when scanning data in quoted strings, leading to out of
    bounds heap memory writes.
    - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
      NULs in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c,
      make sure str_unescape won't be writing past allocated memory
      in src/lib-imap/imap-parser.c and
      pigeonhole/src/lib-managesieve/managesieve-parser.c.
    - CVE-2019-11500

Date: Wed, 28 Aug 2019 15:47:43 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Bryce Harrington <bryce at bryceharrington.org>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-5ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 Aug 2019 15:47:43 -0300
Source: dovecot
Architecture: source
Version: 1:2.3.4.1-5ubuntu3
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Changes:
 dovecot (1:2.3.4.1-5ubuntu3) eoan; urgency=medium
 .
   * SECURITY UPDATE: The IMAP protocol parser does not properly handle
     the NUL byte when scanning data in quoted strings, leading to out of
     bounds heap memory writes.
     - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
       NULs in src/lib-imap/imap-parser.c and
       pigeonhole/src/lib-managesieve/managesieve-parser.c,
       make sure str_unescape won't be writing past allocated memory
       in src/lib-imap/imap-parser.c and
       pigeonhole/src/lib-managesieve/managesieve-parser.c.
     - CVE-2019-11500
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

