[ubuntu/jammy-proposed] dovecot 1:2.3.16+dfsg1-3ubuntu1 (Accepted)

Bryce Harrington bryce at canonical.com
Tue Nov 30 00:30:15 UTC 2021 

dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium

  [ Bryce Harrington ]
  * Merge with Debian unstable. (LP: #1946855)
    Remaining changes:
    - Package references hidden symbols during an LTO link.  This needs further
      investigation.  Until then, disable LTO.
  * Dropped:
    - SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
      + debian/patches/CVE-2021-29157.patch: improve escaping in
        src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
        src/lib-oauth2/test-oauth2-jwt.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
    - SECURITY UPDATE: plaintext command injection before STARTTLS
      + debian/patches/CVE-2021-33515.patch: properly handle command queue in
        src/lib-smtp/smtp-server-cmd-starttls.c,
        src/lib-smtp/smtp-server-connection.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
  * d/rules: Disable Debian's recent enablement of LTO as well, as it
    FTBFS when building with gcc 11.
    (LP: #1951325)

  [ Simon Chopin ]
  * d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
    with OpenSSL 3.0.
    (LP: #1945763)

Date: Wed, 17 Nov 2021 13:46:08 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.16+dfsg1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 17 Nov 2021 13:46:08 -0800
Source: dovecot
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.3.16+dfsg1-3ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Launchpad-Bugs-Fixed: 1945763 1946855 1951325
Changes:
 dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium
 .
   [ Bryce Harrington ]
   * Merge with Debian unstable. (LP: #1946855)
     Remaining changes:
     - Package references hidden symbols during an LTO link.  This needs further
       investigation.  Until then, disable LTO.
   * Dropped:
     - SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
       + debian/patches/CVE-2021-29157.patch: improve escaping in
         src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
         src/lib-oauth2/test-oauth2-jwt.c.
       [Included in Debian 1:2.3.13+dfsg1-2]
     - SECURITY UPDATE: plaintext command injection before STARTTLS
       + debian/patches/CVE-2021-33515.patch: properly handle command queue in
         src/lib-smtp/smtp-server-cmd-starttls.c,
         src/lib-smtp/smtp-server-connection.c.
       [Included in Debian 1:2.3.13+dfsg1-2]
   * d/rules: Disable Debian's recent enablement of LTO as well, as it
     FTBFS when building with gcc 11.
     (LP: #1951325)
 .
   [ Simon Chopin ]
   * d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
     with OpenSSL 3.0.
     (LP: #1945763)
Checksums-Sha1:
 837d25e77781d9208625ad611e99b15aab5fae39 3836 dovecot_2.3.16+dfsg1-3ubuntu1.dsc
 00a378d9a12a0bbeafec9915f75344d8c26e9c9d 1626913 dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
 b5c598ae8b9901bfabdf2c93271f57cde0bde73e 7650008 dovecot_2.3.16+dfsg1.orig.tar.gz
 03866528523858d773ed05f0a1f106b61f93e9aa 67120 dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
 3c553707b4cba0c3a18b6e24c2d21b3ff1fffaa5 9043 dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Checksums-Sha256:
 5646eef331c45930a74de4ee00de5e5673335ce7d5d3bfa98ec9ca067b336685 3836 dovecot_2.3.16+dfsg1-3ubuntu1.dsc
 0438a36c7aef41a9d12df1f2ca792ed5d18df3e23bc241e5a0f762cf4456eb6e 1626913 dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
 03a71d53055bd9ec528d55e07afaf15c09dec9856cba734904bfd05acbc6cf12 7650008 dovecot_2.3.16+dfsg1.orig.tar.gz
 9a6e50e954987a83f12e53f19a7fe6cfe85a377913921569d28eb320d7f319c2 67120 dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
 caeb1fa4b129f41c3788e2304aeeb569ad5afbedca6c6f98e45e34e575954c46 9043 dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Files:
 1789dfbe430c7ee457df39c10e672107 3836 mail optional dovecot_2.3.16+dfsg1-3ubuntu1.dsc
 1f7633915873f64ffbe4642749a9990e 1626913 mail optional dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
 946dc6a89db0d11d0061f0d4447263dc 7650008 mail optional dovecot_2.3.16+dfsg1.orig.tar.gz
 8fefcb4d15da314b71b66a8136378677 67120 mail optional dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
 fb6191b3fb60e2ad006d35338f39a982 9043 mail optional dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/dovecot
Vcs-Git-Commit: 4440c1547a55d11b39c6bc2e9455d16ce3af60ee
Vcs-Git-Ref: refs/heads/merge-v1e2.3.16adfsg1-3-jammy

More information about the jammy-changes mailing list