Change log for uw-imap package in Ubuntu

137 of 37 results
Published in disco-updates on 2019-10-21
Published in disco-security on 2019-10-21
uw-imap (8:2007f~dfsg-5ubuntu0.19.04.2) disco-security; urgency=medium

  * SECURITY UPDATE: Argument injection.
    - debian/patches/2013_disable_rsh.patch: Disable access to IMAP mailboxes
      through running imapd over rsh, and therefore ssh. Code using the library
      can enable it with tcp_parameters() after making sure that the IMAP
      server name is sanitized.
    - CVE-2018-19518

 -- Eduardo Barretto <email address hidden>  Thu, 17 Oct 2019 11:13:52 -0300
Published in bionic-updates on 2019-10-21
Published in bionic-security on 2019-10-21
uw-imap (8:2007f~dfsg-5ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Argument injection.
    - debian/patches/2013_disable_rsh.patch: Disable access to IMAP mailboxes
      through running imapd over rsh, and therefore ssh. Code using the library
      can enable it with tcp_parameters() after making sure that the IMAP
      server name is sanitized.
    - CVE-2018-19518

 -- Eduardo Barretto <email address hidden>  Thu, 17 Oct 2019 10:52:18 -0300
Published in xenial-updates on 2019-10-21
Published in xenial-security on 2019-10-21
uw-imap (8:2007f~dfsg-4+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Sync from Debian.
    - Fixes CVE-2018-19518.

Published in focal-release on 2019-10-18
Published in eoan-release on 2019-09-06
Deleted in eoan-proposed (Reason: moved to release)
uw-imap (8:2007f~dfsg-6ubuntu2) eoan; urgency=medium

  * No-change upload with strops.h and sys/strops.h removed in glibc.

 -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 11:14:47 +0000
Superseded in bionic-updates on 2019-10-21
Deleted in bionic-proposed on 2019-10-23 (Reason: moved to -updates)
uw-imap (8:2007f~dfsg-5ubuntu0.18.04.1) bionic; urgency=medium

  * 2014_openssl1.1.1_sni.patch (new): Use SNI when building
    with OpenSSL 1.1.1 / TLSv1.3 support, since some servers
    (e.g., imap.gmail.com, imap.mail.att.net) require SNI on
    TLSv1.3 to pass certificate verification. (LP: #1834340)
  * debian/control.in.in: Update maintainer that lasts build.

 -- Mauricio Faria de Oliveira <email address hidden>  Fri, 09 Aug 2019 11:51:00 -0300
Superseded in disco-updates on 2019-10-21
Deleted in disco-proposed on 2019-10-23 (Reason: moved to -updates)
uw-imap (8:2007f~dfsg-5ubuntu0.19.04.1) disco; urgency=medium

  * 2014_openssl1.1.1_sni.patch (new): Use SNI when building
    with OpenSSL 1.1.1 / TLSv1.3 support, since some servers
    (e.g., imap.gmail.com, imap.mail.att.net) require SNI on
    TLSv1.3 to pass certificate verification. (LP: #1834340)
  * debian/control.in.in: Update maintainer that lasts build.

 -- Mauricio Faria de Oliveira <email address hidden>  Fri, 09 Aug 2019 11:51:00 -0300
Superseded in eoan-release on 2019-09-06
Deleted in eoan-proposed on 2019-09-07 (Reason: moved to release)
uw-imap (8:2007f~dfsg-6ubuntu1) eoan; urgency=medium

  * 2014_openssl1.1.1_sni.patch (new): Use SNI when building
    with OpenSSL 1.1.1 / TLSv1.3 support, since some servers
    (e.g., imap.gmail.com, imap.mail.att.net) require SNI on
    TLSv1.3 to pass certificate verification. (LP: #1834340)
  * debian/control{,.in{,.in}}: Update maintainer across all.

 -- Mauricio Faria de Oliveira <email address hidden>  Fri, 09 Aug 2019 11:51:00 -0300
Superseded in eoan-release on 2019-08-14
Deleted in eoan-proposed on 2019-08-16 (Reason: moved to release)
uw-imap (8:2007f~dfsg-6) unstable; urgency=medium

  * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
    mailboxes through running imapd over rsh, and therefore ssh (Closes:
    #914632). Code using the library can enable it with tcp_parameters()
    after making sure that the IMAP server name is sanitized.
  * Change Priority: extra of -dev package to optional.
  * Move git repository to salsa.debian.org.

 -- Magnus Holmgren <email address hidden>  Wed, 27 Feb 2019 00:08:08 +0100
Superseded in eoan-release on 2019-04-22
Published in disco-release on 2018-10-30
Published in cosmic-release on 2018-05-01
Published in bionic-release on 2018-02-08
Deleted in bionic-proposed (Reason: moved to release)
uw-imap (8:2007f~dfsg-5build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 23:29:28 +0000
Superseded in bionic-release on 2018-02-08
Published in artful-release on 2017-04-20
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed (Reason: moved to release)
uw-imap (8:2007f~dfsg-5) unstable; urgency=low

  * 1006_openssl1.1_autoverify.patch (new): Use new features for
    validating certificates when building with OpenSSL 1.1 (Closes:
    #828589). Thanks to Sebastian Andrzej Siewior and Kurt Roeckx for
    help.
  * Switch to Debhelper compat level 9.
  * Bump Standards-Version to 3.9.8.
  * Update Build-Depends with cdbs.

 -- Magnus Holmgren <email address hidden>  Wed, 23 Nov 2016 22:25:10 +0100

Available diffs

Superseded in zesty-release on 2016-11-24
Obsolete in yakkety-release on 2018-01-23
Published in xenial-release on 2015-10-22
Obsolete in wily-release on 2018-01-22
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed (Reason: moved to release)
uw-imap (8:2007f~dfsg-4) unstable; urgency=medium


  * 2012_krb5_multidev.patch: Fix typo mixing up --cflags and --libs
    causing libc-client not to be linked to the kerberos libraries
    (Closes: #766526).
  * Tell d-shlibmove to substitute krb5-multidev for libkrb5-dev.

 -- Magnus Holmgren <email address hidden>  Fri, 24 Oct 2014 22:40:53 +0200

Available diffs

Superseded in vivid-release on 2014-10-26
Obsolete in utopic-release on 2016-11-03
Published in trusty-release on 2013-12-30
Deleted in trusty-proposed (Reason: moved to release)
uw-imap (8:2007f~dfsg-2) unstable; urgency=medium


  * New maintainer (Closes: #686448).
  * Disable unnecessarily strict version check (Closes: #682256).

 -- Magnus Holmgren <email address hidden>  Thu, 25 Oct 2012 23:00:39 +0200
Superseded in trusty-release on 2013-12-30
Obsolete in saucy-release on 2015-04-24
Obsolete in raring-release on 2015-04-24
Obsolete in quantal-release on 2015-04-24
uw-imap (8:2007e~dfsg-3.2ubuntu2) quantal; urgency=low

  * Add build-arch/build-indep targets to fix build failure exposed with
    recent dpkg-dev versions.
 -- Matthias Klose <email address hidden>   Tue, 02 Oct 2012 15:40:18 +0200
Superseded in quantal-release on 2012-10-02
Published in precise-release on 2011-12-09
uw-imap (8:2007e~dfsg-3.2ubuntu1) precise; urgency=low

  * Merge with Debian; remaining changes:
    - Resolve unresolved symbols in shared libraries. Closes: #558968.
      Fixing the FTFBS for prayer.
    - Apply patch from Vladimir Kolesnikov to properly zero out len
      parameter when mail_fetch_body() returns an empty string.
    - Added debian/patches/1100_kolab_annotations.patch to support Kolab
      integration.

Superseded in precise-release on 2011-12-09
Obsolete in oneiric-release on 2015-04-24
uw-imap (8:2007e~dfsg-3.1ubuntu4) oneiric; urgency=low

  * Resolve unresolved symbols in shared libraries. Closes: #558968.
    Fixing the FTFBS for prayer.
 -- Matthias Klose <email address hidden>   Tue, 13 Sep 2011 22:53:14 +0000
Superseded in oneiric-release on 2011-09-14
uw-imap (8:2007e~dfsg-3.1ubuntu3) oneiric; urgency=low

  * Apply patch from Vladimir Kolesnikov to properly zero out len
    parameter when mail_fetch_body() returns an empty string.
    (LP: #617876)
 -- Daniel T Chen <email address hidden>   Thu, 28 Jul 2011 18:38:08 -0400
Superseded in oneiric-release on 2011-07-28
uw-imap (8:2007e~dfsg-3.1ubuntu2) oneiric; urgency=low

  * Rebuild for OpenSSL 1.0.0.
 -- Colin Watson <email address hidden>   Sat, 21 May 2011 11:59:55 +0100
Superseded in oneiric-release on 2011-05-21
Obsolete in natty-release on 2013-06-04
Obsolete in maverick-release on 2013-03-05
uw-imap (8:2007e~dfsg-3.1ubuntu1) maverick; urgency=low

  * Added debian/patches/1100_kolab_annotations.patch to support Kolab
    integration
 -- Scott Kitterman <email address hidden>   Tue, 03 Aug 2010 09:26:11 -0400
Superseded in maverick-release on 2010-08-03
Obsolete in lucid-release on 2016-10-26
uw-imap (8:2007e~dfsg-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * Add Provides to virtual pop3-server and imap-server to avoid file
    conflicts with alternative daemons. (Closes: #550380)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  10 Feb 2010 17:20:37 +0000

Available diffs

Superseded in lucid-release on 2010-02-10
uw-imap (8:2007e~dfsg-3) unstable; urgency=low

  * Fix have ipopd (not uw-imapd) conflict/replace virtual pop3-server.

Superseded in lucid-release on 2009-12-12
Obsolete in karmic-release on 2013-03-04
uw-imap (8:2007b~dfsg-1.1build1) karmic; urgency=low

  * No-change rebuild against libkrb5-3

 -- Steve Langasek <email address hidden>   Mon, 12 Oct 2009 19:38:26 +0000
Superseded in karmic-release on 2009-10-12
Obsolete in jaunty-release on 2013-02-28
uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix denial of service vulnerability because of rfc822_output_char() not
    checking for a full buffer and writing one byte ahead the buffer, later
    resulting in memcpy getting called with a possible size argument of -1
    (0003_CVE-2008-5514.patch; Closes: #510918)

 -- Stephan Hermann <email address hidden>   Mon,  30 Mar 2009 10:51:28 +0100

Available diffs

Superseded in jaunty-release on 2009-03-30
uw-imap (8:2007b~dfsg-1) unstable; urgency=medium

  * Revert to older upstream 2007b, and instead bump epoc, as simplest
    possible apporach to get back to old soname, needed for the frozen
    Lenny. Thanks to Adeodato Simó for educating me about the problem
    and coming up with the solution.
  * Add patch 0001 from newer 2007d release, fixing local exploitable
    security hole in dmail and tmail. Thanks to Tomas Pospisek for
    reporting.
  * Add patch 0002 from newer 2007d release, to not close already closed
    smtp netstream.
  * Set urgency=medium due to soname fix (security issue already in
    7:2007d~dfsg-1 and 7:2007b~dfsg-4+lenny1, so urgency=high unneeded.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  05 Dec 2008 18:47:36 +0000

Available diffs

Superseded in jaunty-release on 2008-12-05
uw-imap (7:2007d~dfsg-1) unstable; urgency=high

  * New upstream release.
  * Set urgency=high as this release fixes a locally exploitable hole in
    dmail and tmail.
  * Update cdbs snippets:
    + Restructure output of copyright-check.mk to match new proposed
      copyright-format at
      http://wiki.debian.org/Proposals/CopyrightFormat .
    + Several minor improvements to upstream-tarball.mk.
    + Add new local package-relations.mk to merge duplicate
      build-dependencies and more.  Drop cleanup in debian/rules.
    + Update debian/README.cdbs-tweaks.
  * Update copyright hints.
  * Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
  * Semi-auto-update debian/control to update dependencies:
      DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Nov 2008 11:58:14 +0000

Available diffs

Superseded in jaunty-release on 2008-11-10
uw-imap (7:2007b~dfsg-3) unstable; urgency=high

  * Fix patch 1001 to properly include IP6 flag, so package get compiled
    with IPv6 support as intended.  Closes: bug#268251, thanks to
    Herbert Meier and others for reporting and to Christophe Wolfhugel
    for spotting the cause of the problem and providing a patch.
  * Setting urgency=high as this is a regression to earlier releases,
    and the fix is quite small.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  05 Nov 2008 18:03:34 +0000

Available diffs

Superseded in jaunty-release on 2008-11-06
Obsolete in intrepid-release on 2013-02-20
uw-imap (7:2007b~dfsg-2) unstable; urgency=medium

  * Packaging moved to collab-maint Git at Alioth. Update VCS-* hints.
  * Update Danish (da) locale.
  * Update Brazilian Portuguese (pt_BR). Closes: #469320, thanks to Eder
    L. Marques.
  * Let debhelper install logcheck rules.
  * Fix logcheck rules to ignore connections from resolved domains (not
    only IP numbers).  Closes: bug#298706, #427498, thanks to Donovan
    Baarda and Justin Pryzby.
  * Thanks to Christian Perrier for help pushing this release!
  * Set urgency=medium to hopefully reach Lenny before frozen.

Available diffs

Superseded in intrepid-release on 2008-08-13
Obsolete in hardy-release on 2015-04-24
uw-imap (7:2007~dfsg-1) unstable; urgency=low

  * New upstream release.
  * Adjust patches 1001 and 2004 to no longer change hardcoded location
    of LOCKPGM (mlock): Upstream now by default look for the helper app
    at the following locations:
    1) /etc/mlock (the old default, violating Linux FHS)
    2) /usr/libexec/mlock
    3) /usr/bin/mlock (our earlier hardcoded path)
  * Update patch 1003 (or more correctly: Replace with similar patch
    written for alpine instead of pine). Drop now unneeded patch 1011.
  * Unfuzz patches 1001, 1003 and 2002.
  * Update cdbs tweaks:
    + update-tarball improved repackaging
    + Drop local tweak bts.mk (all bugreports are welcome at Debian BTS)
    + Drop local tweak buildcore.mk (superfluous)
  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #446204
  * Debconf translation updates
    + Japanese. Closes: #446574
    + Swedish. Closes: #446761
    + Galician. Closes: #446789
    + French. Closes: #446849
    + Turkish. Closes: #446880
    + Vietnamese. Closes: #446903
    + Portuguese. Closes: #444469, #446942
    + Finnish. Closes: #447070
    + Basque. Closes: #447230
    + Czech. Closes: #447435
    + Spanish; Castilian. Closes: #447711
    + Italian. Closes: #448236
    + Russian. Closes: #448322
    + German. Closes: #448383
  * Semi-auto-update debian/control to fix version-specific package
    names:
    DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

Superseded in hardy-release on 2008-01-25
uw-imap (7:2006j2.dfsg-3) unstable; urgency=low

  * Release for unstable.
  * Describe Maildir support as EXPERIMENTAL in NEWS.Debian.

Superseded in hardy-release on 2007-10-24
Obsolete in gutsy-release on 2011-09-16
uw-imap (7:2002edebian1-13.2) unstable; urgency=high

  * Non-maintainer upload.
  * High-urgency upload for RC bugfix.
  * Guard calls to debconf in the postrm so that package removal doesn't fail
    if debconf was removed first.  Closes: #417138, #416780.
  * Depend on update-inetd and inet-superserver now instead of netbase,
    for the package split.

 -- Daniel T Chen <email address hidden>   Wed,  23 May 2007 10:21:16 +0100
Superseded in gutsy-release on 2007-05-23
Obsolete in feisty-release on 2009-08-20
uw-imap (7:2002edebian1-13.1ubuntu1) feisty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control debian/control.in debian/control.in.in : Add
      update-inetd to uw-imapd and ipopd's dependencies
  * debian/control: Change Maintainer/XSBC-Original-Maintainer field

Superseded in feisty-release on 2007-02-22
uw-imap (7:2002edebian1-13ubuntu1) feisty; urgency=low

  * debian/control debian/control.in debian/control.in.in : Add update-inetd to
    uw-imapd and ipopd's dependencies (Closes Ubuntu: #76492).

 -- Lionel Porcheron <email address hidden>   Tue, 19 Dec 2006 20:50:38 +0100
Superseded in feisty-release on 2006-12-21
Obsolete in edgy-release on 2008-06-19
Obsolete in dapper-release on 2011-09-06
Superseded in dapper-release on 2006-02-03
uw-imap (7:2002edebian1-13) unstable; urgency=low


  * Apply patch fixing IPv6 for ipopd. Closes: bug#348369 (thanks to
    Sjoerd Simons <email address hidden>).
  * Improve local cdbs snippets:
    + Fix namespaces.
    + Use newer local debhelper snippet again, this time appending to
      dh_gencontrol rather than override it. Adjust po-debconf.
    + Add and enable new auto-update snippet. Move debian/control.in to
      debian/control.in.in.
  * Correct copyright info for debian/rules (debmake skeleton is long
    gone).
  * Fix order of parameters/options to find in debian/rules.

 -- Jonas Smedegaard <email address hidden>  Mon, 16 Jan 2006 18:29:51 +0100
Superseded in dapper-release on 2006-01-31
uw-imap (7:2002edebian1-12) unstable; urgency=high


  * Patch src/c-client/mail.c against remote exploitable buffer overflow
    allowing attacker to execute arbitrary code - CAN-2005-2933. This
    closes: bug#332215 (thanks to iDEFENCE and Martin Pitt
    <email address hidden>).
  * Add/update debconf l10n:
    + Catalan (ca). Closes: Bug#248762 (thanks to Debian L10n Catalan
      Team).
    + Czech (cs). Closes: bug#313261 (thanks to Miroslav Kure
      <email address hidden>).
    + French (fr). Closes: Bug#241986 (thanks to debian-l10n-french
      mailing list contributors).
    + Japanese (ja) Closes: Bug#241804 (thanks to Kenshi Muto
      <email address hidden>).
    + Spanish (es). Closes: bug#323375 (thanks to Carlos Galisteo de
      Cabo <email address hidden>),
    + Swedish (sv). Closes: bug#333346 (thanks to Daniel Nylander
      <email address hidden>).
    + Turkish (tr). Closes: Bug#249129 (thanks to Mehmet Turker).
    + Vietnamese (vi). Closes: bug#324073 (thanks to Vietnamese free-
      software translation team / nhóm Việt hóa phần mềm tự
      do).
  * Modernize maintainer scripts (thanks to lintian):
    + Use `chown uid:gid` (not `chown uid.gid`).
    + Use [ test1 ] && [ test2 ] (not [ test1 -a test2 ]).
  * Source debconf in libc-clientXXX postinst even if unused (thanks to
    lintian).
  * Claim compliance with Policy 3.6.2 (no changes needed).
  * Set urgency=high due to security fix.

 -- Jonas Smedegaard <email address hidden>  Tue, 11 Oct 2005 19:33:40 +0200
Obsolete in breezy-release on 2008-03-25
uw-imap (7:2002edebian1-11sarge1) stable-security; urgency=high


  * Non-maintainer upload by the Security Team
  * Applied upstream patch to fix buffer overflow [src/c-client/mail.c,
    debian/patches/15_CAN-2005-2933.diff]

 -- Martin Schulze <email address hidden>  Thu,  6 Oct 2005 11:02:13 +0200
Obsolete in hoary-release on 2008-03-19
uw-imap (7:2002edebian1-6) unstable; urgency=high


  * Fix CERT security bug VU#702777: CRAM-MD5 authentication (disabled
    by default in Debian) would always grant access after 4 failed
    attempts. This closes: bug#292606, #293418 (thanks to Tomas Pospisek
    <email address hidden> for first reporting it and Martin Schulze
    <email address hidden> for providing a patch).
  * Set urgency=high due to above security fix.
  * Update local cdbs snippets:
    + buildinfo.mk: Make it actually work (tie to proper targets).
    + debhelper.mk: Add CDBS_BUILD_DEPENDS.
    + bts.mk: Make a test more quiet.

 -- Jonas Smedegaard <email address hidden>  Thu,  3 Feb 2005 20:22:23 +0100
Obsolete in warty-security on 2008-01-09
Superseded in warty-security on 2006-02-03
Superseded in warty-security on 2006-02-03
uw-imap (7:2002edebian1-3ubuntu0.1) warty-security; urgency=low


  * SECURITY UPDATE: CRAM-MD5 authentication bypass
  * src/c-client/auth_md5.c:
    - Applied patch by Martin Schulze to fix this vulnerability.
  * References:
    - CAN-2005-0198
    - VU#702777

 -- Gerardo Di Giacomo <email address hidden>  Tue, 22 Feb 2005 11:39:57 +0000
Obsolete in warty-release on 2008-01-09
uw-imap (7:2002edebian1-3) unstable; urgency=low


  * Have libc-client-dev be priority optional.
  * Add japanese debconf localisation. Closes: Bug#224766 (thanks to
    Kenshi Muto <email address hidden>).

 -- Jonas Smedegaard <email address hidden>  Mon, 22 Mar 2004 17:14:32 +0100
137 of 37 results