[ubuntu/xenial-security] dovecot 1:2.2.22-1ubuntu2.11 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Aug 28 12:35:23 UTC 2019
dovecot (1:2.2.22-1ubuntu2.11) xenial-security; urgency=medium
* SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds
heap memory writes
- debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
NULs in src/lib-imap/imap-parser.c and
pigeonhole/src/lib-managesieve/managesieve-parser.c,
make sure str_unescape won't be writing past allocated memory
in src/lib-imap/imap-parser.c and
pieonhole/src/lig-managesieve/managesieve-parser.c.
- CVE-2019-11500
Date: 2019-08-15 12:02:14.315835+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list