Package "dovecot"

Name:	dovecot
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: secure POP3/IMAP server - GSSAPI support secure POP3/IMAP server - LDAP support secure POP3/IMAP server - LMTP server secure POP3/IMAP server - Lucene support
Latest version:	1:2.2.22-1ubuntu2.14
Release:	xenial (16.04)
Level:	updates
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "dovecot" in Xenial

Repository	Area	Version
base	main	1:2.2.22-1ubuntu2
base	universe	1:2.2.22-1ubuntu2
security	universe	1:2.2.22-1ubuntu2.14
security	main	1:2.2.22-1ubuntu2.14
updates	main	1:2.2.22-1ubuntu2.14

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1:2.2.22-1ubuntu2.14 2021-01-04 16:06:16 UTC

Version: 1:2.2.22-1ubuntu2.14	2021-01-04 16:06:16 UTC
dovecot (1:2.2.22-1ubuntu2.14) xenial-security; urgency=medium * SECURITY UPDATE: remote DoS via large number of MIME parts - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when enforcing MIME part limit in src/lib-mail/message-parser.c. - debian/patches/CVE-2020-25275-2.patch: don't generate invalid BODYSTRUCTURE when reaching MIME part limit in src/lib-imap/imap-bodystructure.c. - CVE-2020-25275 -- Marc Deslauriers <email address hidden> Mon, 28 Dec 2020 16:30:18 -0500
Source diff to previous version

dovecot (1:2.2.22-1ubuntu2.14) xenial-security; urgency=medium * SECURITY UPDATE: remote DoS via large number of MIME parts - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when enforcing MIME part limit in src/lib-mail/message-parser.c. - debian/patches/CVE-2020-25275-2.patch: don't generate invalid BODYSTRUCTURE when reaching MIME part limit in src/lib-imap/imap-bodystructure.c. - CVE-2020-25275 -- Marc Deslauriers <email address hidden> Mon, 28 Dec 2020 16:30:18 -0500

Source diff to previous version

Version: 1:2.2.22-1ubuntu2.13 2020-08-12 15:07:10 UTC

Version: 1:2.2.22-1ubuntu2.13	2020-08-12 15:07:10 UTC
dovecot (1:2.2.22-1ubuntu2.13) xenial-security; urgency=medium * SECURITY UPDATE: DoS via deeply nested MIME parts - debian/patches/CVE-2020-12100/.patch: backports of upstream patches to fix the issue. - CVE-2020-12100 SECURITY UPDATE: DoS via incorrect NTLM message buffer size - debian/patches/CVE-2020-12673/.patch: check buffer length in src/lib-ntlm/ntlm-message.c. - CVE-2020-12673 SECURITY UPDATE: DoS via zero-length message - debian/patches/CVE-2020-12674/*.patch: fail on zero-length buffer in src/auth/mech-rpa.c. - CVE-2020-12674 -- Marc Deslauriers <email address hidden> Thu, 06 Aug 2020 09:40:07 -0400
Source diff to previous version

dovecot (1:2.2.22-1ubuntu2.13) xenial-security; urgency=medium * SECURITY UPDATE: DoS via deeply nested MIME parts - debian/patches/CVE-2020-12100/*.patch: backports of upstream patches to fix the issue. - CVE-2020-12100 * SECURITY UPDATE: DoS via incorrect NTLM message buffer size - debian/patches/CVE-2020-12673/*.patch: check buffer length in src/lib-ntlm/ntlm-message.c. - CVE-2020-12673 * SECURITY UPDATE: DoS via zero-length message - debian/patches/CVE-2020-12674/*.patch: fail on zero-length buffer in src/auth/mech-rpa.c. - CVE-2020-12674 -- Marc Deslauriers <email address hidden> Thu, 06 Aug 2020 09:40:07 -0400

Source diff to previous version

Version: 1:2.2.22-1ubuntu2.12	2019-08-28 22:07:07 UTC
`dovecot (1:2.2.22-1ubuntu2.12) xenial-security; urgency=medium * SECURITY REGRESSION: updating CVE-2019-11500-3.patch with the right check -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Aug 2019 13:23:21 -0300`
Source diff to previous version

Version: 1:2.2.22-1ubuntu2.11 2019-08-28 15:07:05 UTC

Version: 1:2.2.22-1ubuntu2.11	2019-08-28 15:07:05 UTC
dovecot (1:2.2.22-1ubuntu2.11) xenial-security; urgency=medium * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds heap memory writes - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with NULs in src/lib-imap/imap-parser.c and pigeonhole/src/lib-managesieve/managesieve-parser.c, make sure str_unescape won't be writing past allocated memory in src/lib-imap/imap-parser.c and pieonhole/src/lig-managesieve/managesieve-parser.c. - CVE-2019-11500 -- <email address hidden> (Leonidas S. Barbosa) Wed, 14 Aug 2019 13:19:55 -0300
Source diff to previous version

dovecot (1:2.2.22-1ubuntu2.11) xenial-security; urgency=medium * SECURITY UPDATE: IMAP do not properly handled NULL byte - bounds heap memory writes - debian/patches/CVE-2019-11500-*.patch: doesn't accept strings with NULs in src/lib-imap/imap-parser.c and pigeonhole/src/lib-managesieve/managesieve-parser.c, make sure str_unescape won't be writing past allocated memory in src/lib-imap/imap-parser.c and pieonhole/src/lig-managesieve/managesieve-parser.c. - CVE-2019-11500 -- <email address hidden> (Leonidas S. Barbosa) Wed, 14 Aug 2019 13:19:55 -0300

Source diff to previous version

Version: 1:2.2.22-1ubuntu2.10 2019-04-01 14:06:17 UTC

dovecot (1:2.2.22-1ubuntu2.10) xenial-security; urgency=medium * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when reading oversized fts header in src/plugins/fts/fts-api.c. - CVE-2019-7524 -- Marc Deslauriers <email address hidden> Fri, 29 Mar 2019 08:02:32 -0400

CVE-2019-7524

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to

About - Send Feedback to @ubuntu_updates

Package "dovecot"

Links

Other versions of "dovecot" in Xenial

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

security

PPA updates