[ubuntu/focal-proposed] dovecot 1:2.3.7.2-1ubuntu1 (Accepted)
Bryce Harrington
bryce at canonical.com
Mon Nov 18 19:33:16 UTC 2019
dovecot (1:2.3.7.2-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - carry mail-stack-delivery as empty transitional package
  * Dropped:
    - SECURITY UPDATE: The IMAP protocol parser does not properly handle
      the NUL byte when scanning data in quoted strings, leading to out of
      bounds heap memory writes.
      + debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with
        NULs in src/lib-imap/imap-parser.c and
        pigeonhole/src/lib-managesieve/managesieve-parser.c,
        make sure str_unescape won't be writing past allocated memory
        in src/lib-imap/imap-parser.c and
        pigeonhole/src/lib-managesieve/managesieve-parser.c.
      + CVE-2019-11500
      [Now in upstream for 1:2.3.7.2-1]

dovecot (1:2.3.7.2-1) unstable; urgency=medium

  * [dcaf24e] New upstream version 2.3.7.2
    - Fixes CVE-2019-11500 for dovecot-core
  * [111beef] Update pigeonhole to 0.5.7.2
    - Fixes CVE-2019-11500 for pigeonhole/managesieve
  * [a422c4c] Bump Standards-Version to 4.4.0; no changes needed
  * [56e37ed] Bump dh compat to 12; no changes needed.
    - Drop d/compat in favor of debhelper-compat B-D.
  * [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch
  * [9dc7904] Drop patches included in 2.3.7.2.
    - CVE-2019-10691
    - CVE-2019-11494
    - CVE-2019-11499
    - CVE-2019-7524
    - avoid-double-closing-mysql.patch
    - lib-master-test-event-stats-Use-PRIu64-format.patch

Date: Wed, 13 Nov 2019 18:50:44 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.7.2-1ubuntu1
-------------- next part --------------
Format: 1.8
Source: dovecot
Architecture: source
Version: 1:2.3.7.2-1ubuntu1
Distribution: focal
Urgency: medium
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>