[ubuntu/hirsute-proposed] dovecot 1:2.3.11.3+dfsg1-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jan 11 16:17:14 UTC 2021 

dovecot (1:2.3.11.3+dfsg1-2ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: information disclosure via imap hibernation
    - debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to
      imap-hibernate process in src/imap/imap-client-hibernate.c.
    - debian/patches/CVE-2020-24386-2.patch: add unit test for
      imap-client-hibernate in src/imap/Makefile.am,
      src/imap/imap-client-hibernate.c, src/imap/imap-client.h,
      src/imap/test-imap-client-hibernate.c.
    - CVE-2020-24386
  * SECURITY UPDATE: remote DoS via large number of MIME parts
    - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when
      enforcing MIME part limit in src/lib-mail/message-parser.c,
      src/lib-mail/test-message-parser.c.
    - debian/patches/CVE-2020-25275-2.patch: don't generate invalid
      BODYSTRUCTURE when reaching MIME part limit in
      src/lib-imap/imap-bodystructure.c.
    - CVE-2020-25275

Date: Mon, 28 Dec 2020 10:59:24 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.11.3+dfsg1-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Dec 2020 10:59:24 -0500
Source: dovecot
Architecture: source
Version: 1:2.3.11.3+dfsg1-2ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 dovecot (1:2.3.11.3+dfsg1-2ubuntu1) hirsute; urgency=medium
 .
   * SECURITY UPDATE: information disclosure via imap hibernation
     - debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to
       imap-hibernate process in src/imap/imap-client-hibernate.c.
     - debian/patches/CVE-2020-24386-2.patch: add unit test for
       imap-client-hibernate in src/imap/Makefile.am,
       src/imap/imap-client-hibernate.c, src/imap/imap-client.h,
       src/imap/test-imap-client-hibernate.c.
     - CVE-2020-24386
   * SECURITY UPDATE: remote DoS via large number of MIME parts
     - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when
       enforcing MIME part limit in src/lib-mail/message-parser.c,
       src/lib-mail/test-message-parser.c.
     - debian/patches/CVE-2020-25275-2.patch: don't generate invalid
       BODYSTRUCTURE when reaching MIME part limit in
       src/lib-imap/imap-bodystructure.c.
     - CVE-2020-25275
Checksums-Sha1:
 5f049f242f5d352efa7b158c69631134c6a6eda0 4074 dovecot_2.3.11.3+dfsg1-2ubuntu1.dsc
 737a81c19be90fc7224289c37f66a2fd5d5de975 65900 dovecot_2.3.11.3+dfsg1-2ubuntu1.debian.tar.xz
 31c9599551587c59426ef5401b0948d3e91bb1d9 9023 dovecot_2.3.11.3+dfsg1-2ubuntu1_source.buildinfo
Checksums-Sha256:
 ba124b9f73f73beb8f377fe7de89ebe28b253d0a0dc8442a7163e16763608e8d 4074 dovecot_2.3.11.3+dfsg1-2ubuntu1.dsc
 f39cb74e1d35188410a3f72056d496bf58469dae4b376488b26408b93cf3eea2 65900 dovecot_2.3.11.3+dfsg1-2ubuntu1.debian.tar.xz
 994057c7079834d1ac3dd3729002a3a618652745cc63101898993028d2a95440 9023 dovecot_2.3.11.3+dfsg1-2ubuntu1_source.buildinfo
Files:
 dc855661757837c05a4f72df6da6b3e3 4074 mail optional dovecot_2.3.11.3+dfsg1-2ubuntu1.dsc
 5b8114e73d7cef872ca06dedaa9a2beb 65900 mail optional dovecot_2.3.11.3+dfsg1-2ubuntu1.debian.tar.xz
 003eeeb5f37cf0e90f766322eef03d16 9023 mail optional dovecot_2.3.11.3+dfsg1-2ubuntu1_source.buildinfo
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/8biAACgkQZWnYVadE
vpN1Ww//SlYmWFWSMzCkv4RStzL/i3sGFsPXcG5a2cklL4F2SnngdVJy7A07+8hv
8DloYhgTmioEccoTrVJ+Fle5FrULQTam1gfh9ACiwmLRtKRIBYf9d5eDEmTTQkU8
ZS27CYpdMpGkY22LLnYtS0s4mtLLhbNvr0ljgh0/lFXE4LjuyQzpJf6z+ysoTzcT
kYbnStaX/d/ey6qfj5J3eYLsjl62kylIaDKV/Z1JJ2JJj7fsKO0ixTXm2Icwrm54
1ogzFT1u1hpw8H4m6XJPB5fmE2bbVR/ffBU8X7buFZ9jTMJIlierxrK7IaeZbo2Y
dgpga8tRmqHCHQOPVdxSdL5djJFoUSCEctMd5+ARWLtlx1s4dtgZrdFErpCHg8lN
f3IUHGFvb9m6Q53fjDHH4bc/+VLNyxvuLm5uyRtPjN9zgasfcqDaNSWaQKJb+DPk
JhYMfQ6srNnEP7+uoppdKv5aOr2PFLTZSAud4wz3vuZxMjfqb2W6fS38NrL/IrYh
R5CvdLNnZ5OWL2WY4OJ9lFVbF+cqM0A6uL3BuY215Ml0nC+qLtDrSeAZVFUBJ2BO
/WWtMWx2JAUsGNCzGYY1WQLcr7uPLuBoeXL+OJQ+y4MDTeA47tNGzACbUsMWYKED
siY4ecaYNJWjkjVOyhXkGNlOIa0swCatJvNOqVq/cwHO0k0omFI=
=Hp2/
-----END PGP SIGNATURE-----

More information about the Hirsute-changes mailing list