[ubuntu/eoan-proposed] dovecot 1:2.3.4.1-1ubuntu3 (Accepted)

[Marc Deslauriers]

dovecot (1:2.3.4.1-1ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: submission-login denial of service issues
    - debian/patches/CVE-2019-1149x-1.patch: remove unused
      client->pending_starttls in src/submission-login/client.h.
    - debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
      client disconnects during authentication in
      src/submission-login/client-authenticate.c,
      src/submission-login/client.c.
    - debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
      handling so that it stops reading more input in
      src/lib-smtp/smtp-server-cmd-auth.c.
    - CVE-2019-11494
    - CVE-2019-11499

Date: Tue, 30 Apr 2019 13:44:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Apr 2019 13:44:05 -0400
Source: dovecot
Architecture: source
Version: 1:2.3.4.1-1ubuntu3
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 dovecot (1:2.3.4.1-1ubuntu3) eoan; urgency=medium
 .
   * SECURITY UPDATE: submission-login denial of service issues
     - debian/patches/CVE-2019-1149x-1.patch: remove unused
       client->pending_starttls in src/submission-login/client.h.
     - debian/patches/CVE-2019-1149x-2.patch: fix crash occurring when
       client disconnects during authentication in
       src/submission-login/client-authenticate.c,
       src/submission-login/client.c.
     - debian/patches/CVE-2019-1149x-3.patch: fix AUTH response error
       handling so that it stops reading more input in
       src/lib-smtp/smtp-server-cmd-auth.c.
     - CVE-2019-11494
     - CVE-2019-11499
Checksums-Sha1:
 217d31507f28ec629206c83f38b68cc911c24dbd 3491 dovecot_2.3.4.1-1ubuntu3.dsc
 9fd34c492bded2cb06766249786b939be42499d6 538436 dovecot_2.3.4.1-1ubuntu3.debian.tar.xz
 b0da73f439d8bf58448c237ba061785005ff2940 8628 dovecot_2.3.4.1-1ubuntu3_source.buildinfo
Checksums-Sha256:
 dc0a1b07c7303f99ab66f321be8992c73c05556f6691b945d504c6aa4aed1284 3491 dovecot_2.3.4.1-1ubuntu3.dsc
 847047da9a0218d46e532965f5f471aa0d3a8b50248c97e38aff5aa7f1fc5a4f 538436 dovecot_2.3.4.1-1ubuntu3.debian.tar.xz
 e843b02a18f4a10ccdb57487bb92898efbaa94e836223ca3ff95371b9c32119f 8628 dovecot_2.3.4.1-1ubuntu3_source.buildinfo
Files:
 29a6230a804e29a104bb241adaa0c821 3491 mail optional dovecot_2.3.4.1-1ubuntu3.dsc
 96129b5e7e430073f0cd9ee669d72553 538436 mail optional dovecot_2.3.4.1-1ubuntu3.debian.tar.xz
 dabf3e740b8439f987f5789ffe7456ad 8628 mail optional dovecot_2.3.4.1-1ubuntu3_source.buildinfo
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzIiigACgkQZWnYVadE
vpOrKA//XBDVgO3vtNDlLbZMccJbP2buAq0cBhMApzf+u028n4dJLhBAkVxCVz2W
qw7qoBAy9CSApthnpukkU3DUZfFjBfb9GaLob/umMxI5i5gEeUdb9yYwQZUV+U36
hG/wLHQUdK3XQrsG9SiINvodU2lWETpMXgh/uIBIKKE6E4E1fgrbVOxlEJs7r8zK
NQGG/AQCiKVFyNrHO+uCikShi6qA9S5ILww01Uuef+NotU5M5Oj/Mp3H1M+GCOoO
0OFEQbszQreO1oKAUymuSs9myk28cQTnPnHVoRpjajpjII8Cs7Nb7sTZXJO5mZlO
lABajRk0xxSNGchnS8MyfWTbjkR6neKyvzsQN/unB0jcwforf+UGwPmYHicG1JOi
JRBqmZyWFUsvtqJ1onnsneqVGsu0Pan1dZMwc1na0BRpsr6K+rb1wz+r90TPsD6F
UEn/cQFuYO5M13sg9g30YBZocuQslv3pChR6HOYakayVsfeWkfhQxhbF2gzwJQuM
8RKCmGZFo80eM+XoOqs5knrbOWrNtHOi2KC1ceJfrOPTI2qG/xtKBaTWAdVaSXbD
rkka6qLyZKuyDIziJmLGd0/b/9PYkO+yQJKoLAdq+NKiOK7ZZK6973h7AozpTXmK
JjO6OxbLM/f/MUZeYuQGs/GiOfGGTB43bk6LPnQkkugSk0hk8E0=
=deLL
-----END PGP SIGNATURE-----