UbuntuUpdates.org

Package "dovecot-imapd"

Name: dovecot-imapd

Description:

secure POP3/IMAP server - IMAP daemon

Latest version: 1:2.2.22-1ubuntu2.14
Release: xenial (16.04)
Level: updates
Repository: main
Head package: dovecot
Homepage: http://dovecot.org/

Other versions of "dovecot-imapd" in Xenial

Repository Area Version
base main 1:2.2.22-1ubuntu2
security main 1:2.2.22-1ubuntu2.14

Changelog

Version: 1:2.2.22-1ubuntu2.9 2019-02-05 15:06:59 UTC

  dovecot (1:2.2.22-1ubuntu2.9) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 08:53:15 -0500

CVE-2019-3814 Suitable client certificate can be used to login as other user

Version: 1:2.2.22-1ubuntu2.8 2018-07-26 11:06:49 UTC

  dovecot (1:2.2.22-1ubuntu2.8) xenial; urgency=medium

  * debian/*.triggers: change triggers to -noawait variety: there is no need
    for awaited triggers for the restarting of dovecot. (LP: #1780996)

 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 11 Jul 2018 14:48:37 -0400

Version: 1:2.2.22-1ubuntu2.7 2018-03-05 14:07:39 UTC

  dovecot (1:2.2.22-1ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2018 07:46:12 -0500

CVE-2017-14461 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive info
CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration

Version: 1:2.2.22-1ubuntu2.6 2018-02-01 20:07:11 UTC

  dovecot (1:2.2.22-1ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-serser-connection.h.
    - CVE-2017-15132

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 12:58:33 -0300

CVE-2017-15132 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by log

Version: 1:2.2.22-1ubuntu2.4 2017-04-12 05:08:36 UTC
No changelog available yet.


