-
cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.10.1) maverick-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix possible NULL pointer dereference via crafted message reference
id caused by a missing sanitizing of the mail headers. This can be
exploited from a client making use of the IMAP threading feature
(CVE-2011-3481).
-- Steve Beattie <email address hidden> Fri, 27 Jan 2012 17:18:29 -0800
-
cyrus-imapd-2.2 (2.2.13-19squeeze2build0.10.10.1) maverick-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze2) stable-security; urgency=low
* Update Vcs-* and Homepage
* Fix stack-based buffer overflow in the split_wildmats function in
nntpd.c (CVE-2011-3208)
* Fix for authentication bypass in nntpd (SA46093)
-- Steve Beattie <email address hidden> Tue, 18 Oct 2011 22:17:13 -0700
-
cyrus-imapd-2.2 (2.2.13-19squeeze1build0.10.10.1) maverick-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze1) stable-security; urgency=low
* Fix infinite loop in case of corrupted index files (Closes: #627078)
* Add gbp.conf to easy future updates
* Fix CVE-2011-1926: STARTTLS plaintext command injection
vulnerability (VU#555316) (Closes: #627081)
-- Jamie Strandboge <email address hidden> Fri, 10 Jun 2011 15:18:20 -0500
-
cyrus-imapd-2.2 (2.2.13-19build1) maverick; urgency=low
* No change rebuild for Heimdal transition
-- Scott Kitterman <email address hidden> Tue, 17 Aug 2010 23:28:38 -0400
-
cyrus-imapd-2.2 (2.2.13-19) unstable; urgency=low
* Switch to BerkeleyDB 4.7, the version OpenLDAP uses.
* Add patch by Cristian Rigamonti to fix logcheck rules for "defaultbc
doesn't exist" error message. (Closes: #511030)
* Update Vietnamese debconf translation, thanks Clytie Siddall.
(Closes: #548052)
* Upload to unstable for the libkrb transition.
cyrus-imapd-2.2 (2.2.13-18) experimental; urgency=low
[ Henrique de Moraes Holschuh ]
* sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
update for completeness to match the patch used by the security-team:
use snprintf for scount, to future-proof against "int" larger than
64 bits.
[ Christoph Berg ]
* Add myself to Uploaders.
* Upgrade to use BerkeleyDB 4.8. (Closes: #421942)
* Convert to use quilt, and update the patch headers to use clean paths.
(Closes: #563303)
* Add patch by Mathieu Parent to fix conflicting getline definition.
(Closes: #552865)
cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
* Security Update: CVE-2009-3235:
Multiple stack-based buffer overflows in the Sieve parsing code,
patches taken from upstream CVS (closes: #547947)
-- Michael Bienia <email address hidden> Mon, 29 Mar 2010 15:52:05 +0100
