[ubuntu/groovy-proposed] dovecot 1: (Accepted)

Steve Langasek steve.langasek at canonical.com
Wed Aug 19 15:40:32 UTC 2020

dovecot (1: unstable; urgency=high

  * New upstream release fixes security issues (Closes: #968302)
    - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
      resource exhaustion as Dovecot attempts to parse it.
    - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
      message buffer size, which leads to reading past allocation which can
      lead to crash.
    - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
      zero-length message, which leads to assert-crash later on.
  * Add libcap-dev to build-dependencies to support dropping linux

Date: 2020-08-14 04:28:43.940687+00:00
Signed-By: Steve Langasek <steve.langasek at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list