[ubuntu/lucid-security] dovecot, dovecot (delayed) 1:1.2.9-1ubuntu6.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Feb 7 18:04:00 UTC 2011
dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low
* SECURITY UPDATE: information disclosure via newly created mailboxes
with incorrect ACLs
- debian/patches/CVE-2010-3304.patch: verify the directory isn't the
same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
- CVE-2010-3304
* SECURITY UPDATE: ACL bypass via incorrect ACL merging
- debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
acl-cache.c}.
- CVE-2010-3706
- CVE-2010-3707
* SECURITY UPDATE: restriction bypass via mailbox ACL changing
- debian/patches/CVE-2010-3779.patch: don't give admin rights to all
owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
- CVE-2010-3779
* SECURITY UPDATE: denial of service via many simultaneous disconnects.
- debian/patches/CVE-2010-3780.patch: don't die after three failed
writes to log in src/lib/failures.c.
- CVE-2010-3780
* debian/control: removed linux-kernel-headers from Build-Conflicts to
resolve building with sbuild.
* This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
was in -proposed.
Date: Mon, 31 Jan 2011 13:53:14 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/dovecot/1:1.2.9-1ubuntu6.3
-------------- next part --------------
Format: 1.8
Date: Mon, 31 Jan 2011 13:53:14 -0500
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg
Architecture: source
Version: 1:1.2.9-1ubuntu6.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
dovecot-common - secure mail server that supports mbox and maildir mailboxes
dovecot-dbg - debug symbols for Dovecot
dovecot-dev - header files for the dovecot mail server
dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
dovecot-postfix - full mail server stack provided by Ubuntu server team
Changes:
dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low
.
* SECURITY UPDATE: information disclosure via newly created mailboxes
with incorrect ACLs
- debian/patches/CVE-2010-3304.patch: verify the directory isn't the
same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
- CVE-2010-3304
* SECURITY UPDATE: ACL bypass via incorrect ACL merging
- debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
acl-cache.c}.
- CVE-2010-3706
- CVE-2010-3707
* SECURITY UPDATE: restriction bypass via mailbox ACL changing
- debian/patches/CVE-2010-3779.patch: don't give admin rights to all
owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
- CVE-2010-3779
* SECURITY UPDATE: denial of service via many simultaneous disconnects.
- debian/patches/CVE-2010-3780.patch: don't die after three failed
writes to log in src/lib/failures.c.
- CVE-2010-3780
* debian/control: removed linux-kernel-headers from Build-Conflicts to
resolve building with sbuild.
* This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
was in -proposed.
Checksums-Sha1:
ae8f0f0d17203353acbdcb9791aeaa4523c3b97a 2318 dovecot_1.2.9-1ubuntu6.3.dsc
ed002c84dc317e12ca47df39d1c25a5cf91c0ada 1418658 dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Checksums-Sha256:
f95d48ba219c799d910cfa89243cd154951b966446f1cbac487d8c73f06c8f8f 2318 dovecot_1.2.9-1ubuntu6.3.dsc
29f6e4901bad4247c2e07ff8ad2dcee01c2c7afd1a33beafe68059f29e8d0bb5 1418658 dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Files:
fec51e228070f787fb056143796db75c 2318 mail optional dovecot_1.2.9-1ubuntu6.3.dsc
e63585f0ff54bca7e0bf13cfc231b71f 1418658 mail optional dovecot_1.2.9-1ubuntu6.3.debian.tar.gz
Original-Maintainer: Dovecot Maintainers <jaldhar-dovecot at debian.org>
More information about the Lucid-changes
mailing list