-
dovecot (1:2.2.27-3ubuntu1.4) artful; urgency=medium
* Cherrypick bionic autopkgtest fix to account for Ubuntu in the welcome
string. LP: #1757265
-- Dimitri John Ledkov <email address hidden> Wed, 21 Mar 2018 10:17:09 +0000
-
dovecot (1:2.2.27-3ubuntu1.3) artful-security; urgency=medium
* SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
- CVE-2017-14461
* SECURITY UPDATE: TLS SNI config lookups DoS
- debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
- CVE-2017-15130
* debian/rules: create m4 directory and run autoreconf.
-- Marc Deslauriers <email address hidden> Mon, 26 Feb 2018 13:19:51 -0500
-
dovecot (1:2.2.27-3ubuntu1.2) artful-security; urgency=medium
* SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
- debian/patches/CVE-2017-15132.patch: fix memory leak in
auth_client_request_abort() in src/lib-auth/auth-client-request.c.
- debian/patches/CVE-2017-15132-additional.patch: remove request after
abort in src/lib-auth/auth-client-request.c,
src/lib-auth/auth-server-connection.c,
src/lib-auth/auth-serser-connection.h.
- CVE-2017-15132
-- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 13:38:11 -0300
-
dovecot (1:2.2.27-3ubuntu1) artful; urgency=medium
* Merge with Debian; Remaining Changes:
+ Add updated autopkgtest to debian/tests/*.
+ Drop build dependency on libstemmer-dev (universe)
+ Use Snakeoil SSL certificates by default
- d/control: Depend on ssl-cert
+ Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-stack-delivery* maintainer scripts and default conf
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.README.Debian clarified use of configuration files
+ Disable dovecot-lucene plugin as it had various issues, has universe
dependencies and is deprecated in favor of solr anyway.
+ handle conffile removal of /etc/init/dovecot.conf (due to dropping
upstart). Can be removed once no upgrade path from <yakkety is left.
* Dropped changes:
- SECURITY UPDATE (CVE-2017-2669): DoS via crafted username (is in Debian)
-- Christian Ehrhardt <email address hidden> Fri, 28 Apr 2017 11:12:48 +0200
-
dovecot (1:2.2.27-2ubuntu2) zesty; urgency=medium
* SECURITY UPDATE: DoS via crafted username
- debian/patches/CVE-2017-2669.patch: do not double-expand key in
passdb dict when authenticating in src/auth/db-dict.c.
- CVE-2017-2669
-- Marc Deslauriers <email address hidden> Fri, 07 Apr 2017 13:31:02 -0400