[ubuntu/focal-security] dovecot 1:2.3.7.2-1ubuntu3.7 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Sep 16 11:48:25 UTC 2024
dovecot (1:2.3.7.2-1ubuntu3.7) focal-security; urgency=medium
* SECURITY UPDATE: Very large headers can cause resource exhaustion when
parsing message
- debian/patches/CVE-2024-23185-pre1.patch: add test_assert_cmp[_idx]()
in src/lib-test/test-common.c, src/lib-test/test-common.h.
- debian/patches/CVE-2024-23185-1.patch: limit header block to 10MB by
default in src/lib-mail/message-header-parser.c,
src/lib-mail/message-header-parser.h,
src/lib-mail/test-message-header-parser.c.
- debian/patches/CVE-2024-23185-2.patch: limit headers total count to
50MB by default in src/lib-mail/message-parser-private.h,
src/lib-mail/message-parser.c, src/lib-mail/message-parser.h,
src/lib-mail/test-message-parser.c.
- CVE-2024-23185
Date: 2024-09-11 13:20:19.675284+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.7.2-1ubuntu3.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list