dovecot (1:2.3.4.1-5ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: The IMAP protocol parser does not properly handled
the NUL byte when scanning data in quoted strings, leading to out of
bounds heap memory writes.
- debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
NULs in src/lib-imap/imap-parser.c and
pigeonhole/src/lib-managesieve/managesieve-parser.c,
make sure str_unescape won't be writing past allocated memory
in src/lib-imap/imap-parser.c and
pieonhole/src/lig-managesieve/managesieve-parser.c.
- CVE-2019-11500
-- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Aug 2019 15:47:43 -0300