[ubuntu/groovy-proposed] dovecot 1:18.104.22.168+dfsg1-1 (Accepted)
steve.langasek at canonical.com
Wed Aug 19 15:40:32 UTC 2020
dovecot (1:22.214.171.124+dfsg1-1) unstable; urgency=high
* New upstream release fixes security issues (Closes: #968302)
- CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Add libcap-dev to build-dependencies to support dropping linux
Date: 2020-08-14 04:28:43.940687+00:00
Signed-By: Steve Langasek <steve.langasek at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.
More information about the Groovy-changes