[ubuntu/groovy-proposed] dovecot 1:2.3.11.3+dfsg1-1 (Accepted)
Steve Langasek
steve.langasek at canonical.com
Wed Aug 19 15:40:32 UTC 2020
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high
* New upstream release fixes security issues (Closes: #968302)
- CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Add libcap-dev to build-dependencies to support dropping linux
capabilities.
Date: 2020-08-14 04:28:43.940687+00:00
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.11.3+dfsg1-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Groovy-changes
mailing list