[ubuntu/maverick-security] dovecot, dovecot (delayed) 1:1.2.12-1ubuntu8.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Feb 7 18:03:38 UTC 2011 

dovecot (1:1.2.12-1ubuntu8.1) maverick-security; urgency=low

  * SECURITY UPDATE: information disclosure via newly created mailboxes
    with incorrect ACLs
    - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
      same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3304
  * SECURITY UPDATE: ACL bypass via incorrect ACL merging
    - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
      ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
      acl-cache.c}.
    - CVE-2010-3706
    - CVE-2010-3707
  * SECURITY UPDATE: restriction bypass via mailbox ACL changing
    - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
      owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
    - CVE-2010-3779
  * SECURITY UPDATE: denial of service via many simultaneous disconnects.
    - debian/patches/CVE-2010-3780.patch: don't die after three failed
      writes to log in src/lib/failures.c.
    - CVE-2010-3780
  * debian/control: removed linux-kernel-headers from Build-Conflicts to
    resolve building with sbuild.

Date: Mon, 10 Jan 2011 15:29:47 -0600
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/dovecot/1:1.2.12-1ubuntu8.1
-------------- next part --------------
Format: 1.8
Date: Mon, 10 Jan 2011 15:29:47 -0600
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d mail-stack-delivery dovecot-postfix dovecot-dbg
Architecture: source
Version: 1:1.2.12-1ubuntu8.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
 dovecot-postfix - mail server delivery agent stack provided by Ubuntu server team
 mail-stack-delivery - mail server delivery agent stack provided by Ubuntu server team
Changes: 
 dovecot (1:1.2.12-1ubuntu8.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: information disclosure via newly created mailboxes
     with incorrect ACLs
     - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
       same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
     - CVE-2010-3304
   * SECURITY UPDATE: ACL bypass via incorrect ACL merging
     - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
       ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
       acl-cache.c}.
     - CVE-2010-3706
     - CVE-2010-3707
   * SECURITY UPDATE: restriction bypass via mailbox ACL changing
     - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
       owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
     - CVE-2010-3779
   * SECURITY UPDATE: denial of service via many simultaneous disconnects.
     - debian/patches/CVE-2010-3780.patch: don't die after three failed
       writes to log in src/lib/failures.c.
     - CVE-2010-3780
   * debian/control: removed linux-kernel-headers from Build-Conflicts to
     resolve building with sbuild.
Checksums-Sha1: 
 12e135cdd23372d3b310b779830c99890262b424 2347 dovecot_1.2.12-1ubuntu8.1.dsc
 48a4799444146553a701d770454664f07559e3b1 1538312 dovecot_1.2.12-1ubuntu8.1.debian.tar.gz
Checksums-Sha256: 
 38f474aa28d7089de66eb720dc14bbafef03bb6a1bf7fd96e690e6ff59fe927f 2347 dovecot_1.2.12-1ubuntu8.1.dsc
 2f1cad84da26e8d9ad96ae2860213cd835a9470d87639c5e39a8008598f5b654 1538312 dovecot_1.2.12-1ubuntu8.1.debian.tar.gz
Files: 
 8ede599bb24182293c4d6151c3f5c34a 2347 mail optional dovecot_1.2.12-1ubuntu8.1.dsc
 e1d8c3fe8f56021c4c12d8c334412f0b 1538312 mail optional dovecot_1.2.12-1ubuntu8.1.debian.tar.gz
Original-Maintainer: Dovecot Maintainers <jaldhar-dovecot at debian.org>

More information about the Maverick-changes mailing list