[Bug 1614062] Re: imapproxy out of date

Mattia Rizzolo mattia at mapreri.org
Mon Dec 5 16:04:42 UTC 2016 

Yes, please deal with this in Debian.  Either adopt it, or do a QA
upload.  I see you already turned the O into an ITA, great :)

Just file an RFS as usual to get sponsored there, making sure to also
add 'LP: #1614062' to the debian upload to also close this one bug with
that when the package is then synced.

Unsubscribing ubuntu-sponsors for now.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1614062

Title:
  imapproxy out of date

Status in up-imapproxy package in Ubuntu:
  New
Status in up-imapproxy package in Debian:
  New

Bug description:
  The version of imapproxy packaged, 1.2.7, is the last released
  version. Unfortunately, this version is from 2010. There have been
  several good changes to imapproxy, but no new release has been cut.
  Many of these changes have security implications.

  Here's a list of selected changes in chronological order:
   - Warn against using port 993
   - Fix LOGIN command so that it handles literal arguments correctly
   - Fix possible buffer overflow issue
   - Add the ability to authenticate to the IMAP server using SASL plain
   - Fix server connection starvation and synchronization issues
   - When NO or BAD response is returned from the server against a LOGIN or
     AUTHENTICATE request, we now log the full server response and pass it
     back to the client (useful if client is watching for RFC 5530 response
     codes).
   - Fix server connection synchronization issues in the SELECT cache code
   - Allow configuration setting values to contain spaces
   - Fixed problem where default TLS CA data would never be loaded
   - Fixed bug in SSL context initialization
   - Added support for up to TLS v1.2
   - Added support for ECDHE ciphers
   - Added ability to manually specify TLS ciphers
   - Added server certificate validation

  The last change was in January 2014. A daily tarball is available here:
  http://squirrelmail.org/download.php#imap_proxy

  We have been running the code from 2014 in production since 2015, and it's been solid. Here's a link to our PPA, which has the updated version, using the daily tarball from back then:
  https://launchpad.net/~wiktel/+archive/ubuntu/ppa/+packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/up-imapproxy/+bug/1614062/+subscriptions

More information about the Ubuntu-sponsors mailing list