[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Feb 7 18:04:00 UTC 2011


dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low

  * SECURITY UPDATE: information disclosure via newly created mailboxes
    with incorrect ACLs
    - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
      same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3304
  * SECURITY UPDATE: ACL bypass via incorrect ACL merging
    - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
      ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
      acl-cache.c}.
    - CVE-2010-3706
    - CVE-2010-3707
  * SECURITY UPDATE: restriction bypass via mailbox ACL changing
    - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
      owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3779
  * SECURITY UPDATE: denial of service via many simultaneous disconnects.
    - debian/patches/CVE-2010-3780.patch: don't die after three failed
      writes to log in src/lib/failures.c.
    - CVE-2010-3780
  * debian/control: removed linux-kernel-headers from Build-Conflicts to
    resolve building with sbuild.
  * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
    was in -proposed.

Date: Mon, 31 Jan 2011 13:53:14 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.3
-------------- next part --------------
Format: 1.8
Date: Mon, 31 Jan 2011 13:53:14 -0500
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg
Architecture: source
Version: 1:1.2.9-1ubuntu6.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
 dovecot-postfix - full mail server stack provided by Ubuntu server team
Changes: 
 dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: information disclosure via newly created mailboxes
     with incorrect ACLs
     - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
       same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
     - CVE-2010-3304
   * SECURITY UPDATE: ACL bypass via incorrect ACL merging
     - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
       ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
       acl-cache.c}.
     - CVE-2010-3706
     - CVE-2010-3707
   * SECURITY UPDATE: restriction bypass via mailbox ACL changing
     - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
       owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
     - CVE-2010-3779
   * SECURITY UPDATE: denial of service via many simultaneous disconnects.
     - debian/patches/CVE-2010-3780.patch: don't die after three failed
       writes to log in src/lib/failures.c.
     - CVE-2010-3780
   * debian/control: removed linux-kernel-headers from Build-Conflicts to
     resolve building with sbuild.
   * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
     was in -proposed.
Checksums-Sha1: 
 ae8f0f0d17203353acbdcb9791aeaa4523c3b97a 2318 dovecot_1.2.9-1ubuntu6.3.dsc
 ed002c84dc317e12ca47df39d1c25a5cf91c0ada 1418658 dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Checksums-Sha256: 
 f95d48ba219c799d910cfa89243cd154951b966446f1cbac487d8c73f06c8f8f 2318 dovecot_1.2.9-1ubuntu6.3.dsc
 29f6e4901bad4247c2e07ff8ad2dcee01c2c7afd1a33beafe68059f29e8d0bb5 1418658 dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Files: 
 fec51e228070f787fb056143796db75c 2318 mail optional dovecot_1.2.9-1ubuntu6.3.dsc
 e63585f0ff54bca7e0bf13cfc231b71f 1418658 mail optional dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Original-Maintainer: Dovecot Maintainers <jaldhar-dovecot at debian.org>

