UbuntuUpdates.org

Package "dovecot"

Name: dovecot

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • secure POP3/IMAP server - core files
  • secure POP3/IMAP server - header files
  • secure POP3/IMAP server - IMAP daemon
  • secure POP3/IMAP server - POP3 daemon
Latest version: 1:2.3.21+dfsg1-2ubuntu6.2
Release: noble (24.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "dovecot" in Noble

Repository Area Version
base universe 1:2.3.21+dfsg1-2ubuntu5
base main 1:2.3.21+dfsg1-2ubuntu5
security main 1:2.3.21+dfsg1-2ubuntu6
security universe 1:2.3.21+dfsg1-2ubuntu6
updates universe 1:2.3.21+dfsg1-2ubuntu6.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.3.21+dfsg1-2ubuntu6.2 2026-03-11 23:08:01 UTC

  dovecot (1:2.3.21+dfsg1-2ubuntu6.2) noble; urgency=medium

  * Fix OAuth2 JWT validation when "aud" claim in an array (LP: #2142200)

 -- Guilherme Puida Moreira <email address hidden> Wed, 25 Feb 2026 15:44:17 -0300
Source diff to previous version
2142200 dovecot-core: OAuth2 JWT validation fails with client_id set but aud is missing when aud claim is an array

Version: 1:2.3.21+dfsg1-2ubuntu6.1 2025-11-13 20:07:46 UTC

  dovecot (1:2.3.21+dfsg1-2ubuntu6.1) noble; urgency=medium

  * Update PBKDF2 salt length to be FIPS 140-3 compliant (LP: #2107773).

 -- Eric Berry <email address hidden> Fri, 03 Oct 2025 15:37:20 -0700
Source diff to previous version

Version: 1:2.3.21+dfsg1-2ubuntu6 2024-09-02 06:07:13 UTC

  dovecot (1:2.3.21+dfsg1-2ubuntu6) noble-security; urgency=medium

  * Patches for CVE-2024-23184, CVE-2024-23185 (LP: #2077324).
    - CVE-2024-23184: A large number of address headers in email resulted
      in excessive CPU usage.
      + d/p/CVE-2024-23184-1-lib-test-llist-Fix-dllist2-test-name.patch
      + d/p/CVE-2024-23184-2-lib-Add-DLLIST2_JOIN.patch
      + d/p/CVE-2024-23184-3-lib-mail-test-imap-envelope-Use-test_assert_idx-where-pos.patch
      + d/p/CVE-2024-23184-4-lib-mail-Change-message_address-to-be-doubly-linked-list.patch
      + d/p/CVE-2024-23184-5-lib-mail-Add-message_address_parse_full-and-struct-messag.patch
      + d/p/CVE-2024-23184-6-lib-mail-lib-imap-Optimize-parsing-large-number-of-addres.patch
    - CVE-2024-23185: Abnormally large email headers are now truncated or
      discarded, with a limit of 10MB on a single header and 50MB for all
      the headers of all the parts of an email.
      + d/p/CVE-2024-23185-1-lib-mail-message-header-parser-Limit-header-block-to-10MB.patch
      + d/p/CVE-2024-23185-2-lib-mail-message-parser-Limit-headers-total-count-to-50MB.patch
    For more information see the following articles:
    CVE-2024-23184 - https://www.openwall.com/lists/oss-security/2024/08/15/3
    CVE-2024-23185 - https://www.openwall.com/lists/oss-security/2024/08/15/4

 -- Mitchell Dzurick <email address hidden> Mon, 26 Aug 2024 08:52:27 -0700
2077324 [FFE] CVE-2024-23184/CVE-2024-23185


About   -   Send Feedback to @ubuntu_updates