dovecot 1:2.3.4.1-5ubuntu1 source package in Ubuntu

Changelog

dovecot (1:2.3.4.1-5ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - carry mail-stack-delivery as empty transitional package
  * Dropped:
    - SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
      + debian/patches/CVE-2019-7524-1.patch: fix buffer overflow when
        reading oversized hdr-pop3-uidl header in
        src/lib-storage/index/index-pop3-uidl.c.
      + debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
        reading oversized fts header in src/plugins/fts/fts-api.c.
      + CVE-2019-7524
      [Fixed in 1:2.3.4.1-3]
    - SECURITY UPDATE: JSON encoder assert DoS
      + debian/patches/CVE-2019-10691.patch: escape invalid UTF-8 as unicode
        bytes in src/lib/json-parser.c, src/lib/test-json-parser.c.
      + CVE-2019-10691
      [Fixed in 1:2.3.4.1-4]
    - SECURITY UPDATE: submission-login denial of service issues
      + debian/patches/CVE-2019-1149x-1.patch: remove unused
        client->pending_starttls in src/submission-login/client.h.
      + debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
        client disconnects during authentication in
        src/submission-login/client-authenticate.c,
        src/submission-login/client.c.
      + debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
        handling so that it stops reading more input in
        src/lib-smtp/smtp-server-cmd-auth.c.
      + CVE-2019-11494
      + CVE-2019-11499
      [Fixed in 1:2.3.4.1-5]

dovecot (1:2.3.4.1-5) unstable; urgency=medium

  * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235)
     - submission-login: fix null pointer dereference when client
       disconnects during authentication (CVE-2019-11494)
     - submission-login: fix assert-crash when receiving an invalid
       authentication message over TLS (CVE-2019-11499)

dovecot (1:2.3.4.1-4) unstable; urgency=high

  * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691)

dovecot (1:2.3.4.1-3) unstable; urgency=high

  * [07c9212] Fix two buffer overflows when reading oversized FTS headers
    and/or oversized POP3-UIDL headers (CVE-2019-7524).

dovecot (1:2.3.4.1-2) unstable; urgency=medium

  [ Laurent Bigonville ]
  * [ac99918] Fix double-free crash in mysql driver
    Fix double closing of the connection in the mysql driver, this should
    fix the crash in the dovecot auth process, taken from upstream.
    (Closes: #918339)

  [ Apollon Oikonomopoulos ]
  * [8a30446] Bump Standards-Version to 4.3.0; no changes needed

 -- Bryce Harrington <email address hidden>  Fri, 03 May 2019 12:02:04 -0700

Upload details

Uploaded by:
Bryce Harrington on 2019-05-09
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
mail
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
dovecot_2.3.4.1.orig.tar.gz 6.6 MiB b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07
dovecot_2.3.4.1-5ubuntu1.debian.tar.xz 526.4 KiB 20741c727d64061c942ca09596ae9c8698ff77acd8df59f2c964480d51eed1cf
dovecot_2.3.4.1-5ubuntu1.dsc 3.4 KiB 443940f9b36c067df84cf4d8cbde03d17b47c36d7a0bf1d06c4664cf8f60894e

View changes file

Binary packages built by this source

dovecot-auth-lua: secure POP3/IMAP server - Lua authentication plugin

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains an authentication plugin allowing password and user
 databases to be implemented in Lua.

dovecot-auth-lua-dbgsym: debug symbols for dovecot-auth-lua
dovecot-core: secure POP3/IMAP server - core files

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot main server and its command line utility.

dovecot-core-dbgsym: debug symbols for dovecot-core
dovecot-dev: secure POP3/IMAP server - header files

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains header files needed to compile plugins for the Dovecot
 mail server.

dovecot-gssapi: secure POP3/IMAP server - GSSAPI support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides GSSAPI authentication support for Dovecot.

dovecot-gssapi-dbgsym: debug symbols for dovecot-gssapi
dovecot-imapd: secure POP3/IMAP server - IMAP daemon

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot IMAP server.

dovecot-imapd-dbgsym: debug symbols for dovecot-imapd
dovecot-ldap: secure POP3/IMAP server - LDAP support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides LDAP support for Dovecot.

dovecot-ldap-dbgsym: debug symbols for dovecot-ldap
dovecot-lmtpd: secure POP3/IMAP server - LMTP server

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot LMTP server.

dovecot-lmtpd-dbgsym: debug symbols for dovecot-lmtpd
dovecot-lucene: secure POP3/IMAP server - Lucene support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides Lucene full text search support for Dovecot.

dovecot-lucene-dbgsym: debug symbols for dovecot-lucene
dovecot-managesieved: secure POP3/IMAP server - ManageSieve server

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot ManageSieve server.

dovecot-managesieved-dbgsym: debug symbols for dovecot-managesieved
dovecot-mysql: secure POP3/IMAP server - MySQL support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides MySQL support for Dovecot.

dovecot-mysql-dbgsym: debug symbols for dovecot-mysql
dovecot-pgsql: secure POP3/IMAP server - PostgreSQL support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides PostgreSQL support for Dovecot.

dovecot-pgsql-dbgsym: debug symbols for dovecot-pgsql
dovecot-pop3d: secure POP3/IMAP server - POP3 daemon

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot POP3 server.

dovecot-pop3d-dbgsym: debug symbols for dovecot-pop3d
dovecot-sieve: secure POP3/IMAP server - Sieve filters support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides Sieve filters support for Dovecot.

dovecot-sieve-dbgsym: debug symbols for dovecot-sieve
dovecot-solr: secure POP3/IMAP server - Solr support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides Solr full text search support for Dovecot.

dovecot-solr-dbgsym: debug symbols for dovecot-solr
dovecot-sqlite: secure POP3/IMAP server - SQLite support

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package provides SQLite support for Dovecot.

dovecot-sqlite-dbgsym: debug symbols for dovecot-sqlite
dovecot-submissiond: secure POP3/IMAP server - mail submission agent

 Dovecot is a mail server whose major goals are security and extreme
 reliability. It tries very hard to handle all error conditions and verify
 that all data is valid, making it nearly impossible to crash. It supports
 mbox/Maildir and its own dbox/mdbox formats, and should also be pretty
 fast, extensible, and portable.
 .
 This package contains the Dovecot Mail Submission Agent which implements a
 basic SMTP submission service with BURL support.

dovecot-submissiond-dbgsym: debug symbols for dovecot-submissiond
mail-stack-delivery: transitional package

 This is a transitional package. It can safely be removed.
 .
 If you had formerly set up dovecot via mail-stack-delivery this package will
 still have the configuration /etc/dovecot/conf.d/99-mail-stack-delivery.conf
 associated to it which will be removed if you purge the package.