[ubuntu/impish-proposed] dovecot 1:2.3.13+dfsg1-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jun 21 15:06:13 UTC 2021


dovecot (1:2.3.13+dfsg1-1ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
    - debian/patches/CVE-2021-29157.patch: improve escaping in
      src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
      src/lib-oauth2/test-oauth2-jwt.c.
    - CVE-2021-29157
  * SECURITY UPDATE: plaintext command injection before STARTTLS
    - debian/patches/CVE-2021-33515.patch: properly handle command queue in
      src/lib-smtp/smtp-server-cmd-starttls.c,
      src/lib-smtp/smtp-server-connection.c.
    - CVE-2021-33515

Date: Wed, 16 Jun 2021 09:02:15 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.13+dfsg1-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 16 Jun 2021 09:02:15 -0400
Source: dovecot
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.3.13+dfsg1-1ubuntu2
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 dovecot (1:2.3.13+dfsg1-1ubuntu2) impish; urgency=medium
 .
   * SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
     - debian/patches/CVE-2021-29157.patch: improve escaping in
       src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
       src/lib-oauth2/test-oauth2-jwt.c.
     - CVE-2021-29157
   * SECURITY UPDATE: plaintext command injection before STARTTLS
     - debian/patches/CVE-2021-33515.patch: properly handle command queue in
       src/lib-smtp/smtp-server-cmd-starttls.c,
       src/lib-smtp/smtp-server-connection.c.
     - CVE-2021-33515
Checksums-Sha1:
 f35ceb81bfd75bc9a8559855f72c6bbb4d59d083 4073 dovecot_2.3.13+dfsg1-1ubuntu2.dsc
 9408d2412df0985b782024bd7a1fb848facbe070 67052 dovecot_2.3.13+dfsg1-1ubuntu2.debian.tar.xz
 2ef1b7cf9daaba8ef1ba73497932fb324ac04729 9111 dovecot_2.3.13+dfsg1-1ubuntu2_source.buildinfo
Checksums-Sha256:
 b2ec44b8771ad40aac9cea22b4f75dea4393711c3cbd3254e1dbc6980b253f3a 4073 dovecot_2.3.13+dfsg1-1ubuntu2.dsc
 33ba5f144cddb54df0edb92d6ec73c6581796912c650a0422f9103d659247297 67052 dovecot_2.3.13+dfsg1-1ubuntu2.debian.tar.xz
 2039f711a3673170468f5635fabc0ce1b2bd428ab503b088e0f0a9bd446a9594 9111 dovecot_2.3.13+dfsg1-1ubuntu2_source.buildinfo
Files:
 afdfd08b4b7d59654ecef94f27e41799 4073 mail optional dovecot_2.3.13+dfsg1-1ubuntu2.dsc
 1936f5df81054c8c9ea3a576eaf0e625 67052 mail optional dovecot_2.3.13+dfsg1-1ubuntu2.debian.tar.xz
 74de380f1ae6fcc9ec2cffd31e288897 9111 mail optional dovecot_2.3.13+dfsg1-1ubuntu2_source.buildinfo
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>

