[ubuntu/groovy-updates] dovecot 1: (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon Jun 21 14:28:45 UTC 2021

dovecot (1: groovy-security; urgency=medium

  * SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
    - debian/patches/CVE-2021-29157.patch: improve escaping in
      src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
    - CVE-2021-29157
  * SECURITY UPDATE: plaintext command injection before STARTTLS
    - debian/patches/CVE-2021-33515.patch: properly handle command queue in
    - CVE-2021-33515

Date: 2021-06-16 18:02:16.502775+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list