Package "dovecot"

Name:	dovecot
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: secure POP3/IMAP server - Lua authentication plugin secure POP3/IMAP server - GSSAPI support secure POP3/IMAP server - LDAP support secure POP3/IMAP server - LMTP server
Latest version:	1:2.3.7.2-1ubuntu3.7
Release:	focal (20.04)
Level:	updates
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "dovecot" in Focal

Repository	Area	Version
base	universe	1:2.3.7.2-1ubuntu3
base	main	1:2.3.7.2-1ubuntu3
security	main	1:2.3.7.2-1ubuntu3.7
security	universe	1:2.3.7.2-1ubuntu3.7
updates	main	1:2.3.7.2-1ubuntu3.7

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1:2.3.7.2-1ubuntu3.7 2024-09-16 16:06:56 UTC

dovecot (1:2.3.7.2-1ubuntu3.7) focal-security; urgency=medium * SECURITY UPDATE: Very large headers can cause resource exhaustion when parsing message - debian/patches/CVE-2024-23185-pre1.patch: add test_assert_cmp[_idx]() in src/lib-test/test-common.c, src/lib-test/test-common.h. - debian/patches/CVE-2024-23185-1.patch: limit header block to 10MB by default in src/lib-mail/message-header-parser.c, src/lib-mail/message-header-parser.h, src/lib-mail/test-message-header-parser.c. - debian/patches/CVE-2024-23185-2.patch: limit headers total count to 50MB by default in src/lib-mail/message-parser-private.h, src/lib-mail/message-parser.c, src/lib-mail/message-parser.h, src/lib-mail/test-message-parser.c. - CVE-2024-23185 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2024 08:08:49 -0400

Source diff to previous version

CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. Howe

Version: 1:2.3.7.2-1ubuntu3.6 2022-07-11 16:07:16 UTC

dovecot (1:2.3.7.2-1ubuntu3.6) focal-security; urgency=medium * SECURITY UPDATE: privilege escalation via multiple passdbs - debian/patches/CVE-2022-30550.patch: fix handling passdbs with identical driver/args but different mechanisms/username_filter in src/auth/auth-request.c, src/auth/auth.c, src/auth/auth.h, src/auth/passdb.c, src/auth/passdb.h. - CVE-2022-30550 -- Marc Deslauriers <email address hidden> Thu, 07 Jul 2022 13:17:38 -0400

Source diff to previous version

CVE-2022-30550

Privilege escalation possible in dovecot when imilar master and non-master passdbs are used

Version: 1:2.3.7.2-1ubuntu3.5 2021-10-07 02:06:26 UTC

dovecot (1:2.3.7.2-1ubuntu3.5) focal; urgency=medium * d/p/handle-unbounded-mime.patch: Fix crash during deinit when searching mails with non-ending MIME boundaries. (LP: #1912118) -- Bryce Harrington <email address hidden> Sun, 11 Apr 2021 13:25:41 -0700

Source diff to previous version

1912118

assertion failure in message_part_finish when searching large folder

Version: 1:2.3.7.2-1ubuntu3.4 2021-06-21 15:06:38 UTC

dovecot (1:2.3.7.2-1ubuntu3.4) focal-security; urgency=medium * SECURITY UPDATE: plaintext command injection before STARTTLS - debian/patches/CVE-2021-33515.patch: properly handle command queue in src/lib-smtp/smtp-server-cmd-starttls.c, src/lib-smtp/smtp-server-connection.c. - CVE-2021-33515 -- Marc Deslauriers <email address hidden> Wed, 16 Jun 2021 09:12:21 -0400

Source diff to previous version

CVE-2021-33515

SMTP Submission service STARTTLS injection

Version: 1:2.3.7.2-1ubuntu3.3 2021-01-04 16:06:22 UTC

Version: 1:2.3.7.2-1ubuntu3.3	2021-01-04 16:06:22 UTC
dovecot (1:2.3.7.2-1ubuntu3.3) focal-security; urgency=medium * SECURITY UPDATE: information disclosure via imap hibernation - debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to imap-hibernate process in src/imap/imap-client-hibernate.c. - debian/patches/CVE-2020-24386-2.patch: add unit test for imap-client-hibernate in src/imap/Makefile.am, src/imap/imap-client-hibernate.c, src/imap/imap-client.h, src/imap/test-imap-client-hibernate.c. - CVE-2020-24386 * SECURITY UPDATE: remote DoS via large number of MIME parts - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when enforcing MIME part limit in src/lib-mail/message-parser.c, src/lib-mail/test-message-parser.c. - debian/patches/CVE-2020-25275-2.patch: don't generate invalid BODYSTRUCTURE when reaching MIME part limit in src/lib-imap/imap-bodystructure.c. - CVE-2020-25275 -- Marc Deslauriers <email address hidden> Mon, 28 Dec 2020 11:04:43 -0500

dovecot (1:2.3.7.2-1ubuntu3.3) focal-security; urgency=medium * SECURITY UPDATE: information disclosure via imap hibernation - debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to imap-hibernate process in src/imap/imap-client-hibernate.c. - debian/patches/CVE-2020-24386-2.patch: add unit test for imap-client-hibernate in src/imap/Makefile.am, src/imap/imap-client-hibernate.c, src/imap/imap-client.h, src/imap/test-imap-client-hibernate.c. - CVE-2020-24386 * SECURITY UPDATE: remote DoS via large number of MIME parts - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when enforcing MIME part limit in src/lib-mail/message-parser.c, src/lib-mail/test-message-parser.c. - debian/patches/CVE-2020-25275-2.patch: don't generate invalid BODYSTRUCTURE when reaching MIME part limit in src/lib-imap/imap-bodystructure.c. - CVE-2020-25275 -- Marc Deslauriers <email address hidden> Mon, 28 Dec 2020 11:04:43 -0500

About - Send Feedback to @ubuntu_updates

Package "dovecot"

Links

Other versions of "dovecot" in Focal

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

security

PPA updates