Format: 1.8 Date: Mon, 31 Jan 2011 13:53:14 -0500 Source: dovecot Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-dbg Architecture: amd64 Version: 1:1.2.9-1ubuntu6.3 Distribution: lucid Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: dovecot-common - secure mail server that supports mbox and maildir mailboxes dovecot-dbg - debug symbols for Dovecot dovecot-dev - header files for the dovecot mail server dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes dovecot-postfix - full mail server stack provided by Ubuntu server team Changes: dovecot (1:1.2.9-1ubuntu6.3) lucid-security; urgency=low . * SECURITY UPDATE: information disclosure via newly created mailboxes with incorrect ACLs - debian/patches/CVE-2010-3304.patch: verify the directory isn't the same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3304 * SECURITY UPDATE: ACL bypass via incorrect ACL merging - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c, acl-cache.c}. - CVE-2010-3706 - CVE-2010-3707 * SECURITY UPDATE: restriction bypass via mailbox ACL changing - debian/patches/CVE-2010-3779.patch: don't give admin rights to all owner mailboxes in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3779 * SECURITY UPDATE: denial of service via many simultaneous disconnects. - debian/patches/CVE-2010-3780.patch: don't die after three failed writes to log in src/lib/failures.c. - CVE-2010-3780 * debian/control: removed linux-kernel-headers from Build-Conflicts to resolve building with sbuild. * This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that was in -proposed. Checksums-Sha1: 9cd73cdbcd7eafc9939df417ca365d6531035829 5512258 dovecot-common_1.2.9-1ubuntu6.3_amd64.deb e9f672b9cf6d634fb586d6ac8b4ac237d382c44b 659902 dovecot-dev_1.2.9-1ubuntu6.3_amd64.deb f72b165b81999b3f4507e25ea187d4db3ed12501 1200744 dovecot-imapd_1.2.9-1ubuntu6.3_amd64.deb 8db5ffa211da4d727c1d09f4ef7cd5727c2c03c7 1093072 dovecot-pop3d_1.2.9-1ubuntu6.3_amd64.deb dbf524cb6902fc918f3b6223987f1fc2cdc40342 14963328 dovecot-dbg_1.2.9-1ubuntu6.3_amd64.deb Checksums-Sha256: 1e07d9393e0896d56db22e516fbc11c205e5621127e44bfaaf7aa8a234cbdabf 5512258 dovecot-common_1.2.9-1ubuntu6.3_amd64.deb a8d118ba617efe074b19daf7c1f127205da491ffda75aa16fc8e26bedd5149f4 659902 dovecot-dev_1.2.9-1ubuntu6.3_amd64.deb 8179b0ea4010db3161059a09a985045b39c764872ecca706cddad05b0e2af52c 1200744 dovecot-imapd_1.2.9-1ubuntu6.3_amd64.deb dce2bb82fe700bfa273aa5e5db09acdaefdfab5f17ca66d8d2fffae97762812a 1093072 dovecot-pop3d_1.2.9-1ubuntu6.3_amd64.deb e53f95744cc90d5cb7e048e581bfef2a9d51b00f18c99f284010b3516d4e10e8 14963328 dovecot-dbg_1.2.9-1ubuntu6.3_amd64.deb Files: e5d7ae5b2c55b255804a0f3996edb3fe 5512258 mail optional dovecot-common_1.2.9-1ubuntu6.3_amd64.deb 1581f01ffeb79f2660cd36ff5bd71ffc 659902 mail optional dovecot-dev_1.2.9-1ubuntu6.3_amd64.deb aa69e75cf135728602d79ba246573527 1200744 mail optional dovecot-imapd_1.2.9-1ubuntu6.3_amd64.deb 6eee0eeb2518e04cb1a2144f7f17d3d4 1093072 mail optional dovecot-pop3d_1.2.9-1ubuntu6.3_amd64.deb 1ccfc078b3230a780306bde804bfaba3 14963328 debug extra dovecot-dbg_1.2.9-1ubuntu6.3_amd64.deb Original-Maintainer: Dovecot Maintainers