Accepted dovecot 1:2.3.4.1-5+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 May 2020 22:09:08 +0200
Source: dovecot
Architecture: source
Version: 1:2.3.4.1-5+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 960963
Changes:
dovecot (1:2.3.4.1-5+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Apply upstream fixes for CVE-2020-10957, CVE-2020-10958 and CVE-2020-10967
(Closes: #960963)
- lib-smtp: smtp-server-cmd-vrfy - Restructure parameter parsing.
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_string_parse().
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_xtext_parse().
- lib-smtp: syntax: Fix smtp_ehlo_line_parse() to also record the last
parameter.
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_ehlo_line_parse().
- lib-smtp: smtp-syntax - Return 0 for smtp_string_parse() with empty
input.
- lib-smtp: Add tests for smtp_string_parse() and smtp_string_write().
- lib-smtp: test-smtp-server-errors - Add tests for VRFY and NOOP commands
with invalid parameters.
- lib-smtp: server: command: Move core of
smtp_server_command_submit_reply() into a separate function.
- lib-smtp: smtp-server-command - Assign cmd->reg immediately.
- lib-smtp: smtp-server-command - Guarantee that non-destroy hooks aren't
called for an ended command.
- lib-smtp: smtp-server-command - Perform initial command execution in
separate function.
- lib-smtp: smtp-server-connection - Hold a command reference while
executing a command.
- lib-smtp: test-smtp-server-errors - Add tests for large series of empty
and bad commands.
- lib-smtp: smtp-address - Don't return NULL from smtp_address_clone*()
unless the input is NULL.
- lib-smtp: smtp-address - Don't recognize an address with empty localpart
as <>.
- lmtp: lmtp-commands - Explicity prohibit empty RCPT path.
Checksums-Sha1:
230c2d5e6f076e2e996da0f5a4fc583de25598b7 3495 dovecot_2.3.4.1-5+deb10u2.dsc
ec2650b2bb22a52e3bcb0df4db03f5ecc6470599 542620 dovecot_2.3.4.1-5+deb10u2.debian.tar.xz
Checksums-Sha256:
5de6378355c8a3a009f7427ed536bc96e531ed09d4575bd3047a7f471e703d43 3495 dovecot_2.3.4.1-5+deb10u2.dsc
3ac89b81095e4719909559b6a74c141f68cb41ccb2176212e93182a7882a5f65 542620 dovecot_2.3.4.1-5+deb10u2.debian.tar.xz
Files:
ef25418b915cee60d039a457c6ac0cb2 3495 mail optional dovecot_2.3.4.1-5+deb10u2.dsc
16cbf3291de9d16c6f5d8ebd9a7dcedf 542620 mail optional dovecot_2.3.4.1-5+deb10u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7C8UhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EftkP/2Ub1SF2KIMpXJw2vCT/ToPf6i1pGyMw
mcahAu6kpyDCOCXKeO69wJI5I/0cPJ77rxRrrlpBEsxGQKBvPKHC7Ya1dOYGIiE3
BMjw6/2UXR7t1FxydL0jz40/pABQ+ZOsp4SQOiswCz8xK6aoZjFFY/EuJw4Hv/pp
8nPBrscaGJbIqWl9WmfJQhwOBBRyQHeVmkFsMN1se050hL2Z/8P8B1E8kH5bV9Jc
9isVNu2aJAC+kD+QEO/zgzR/XX+Wp/OXXEbakxde97HranQ0EE1XmhmjCeFipFYk
2yf2TbR1Deh4TRee7OFTkaxBYulAT4OrG240++ckePSplt6EsOgg8xQa4muANSqF
n89P2t3etUeG1W1DORe1UsH4Zk1S4JyrrVl3ZMdkgpIoGnOayLQb4SxDruBzkXjP
ntBfcff449u2n9+cHsbRAhhfLaKmMwhvcPC9bifqSzDk1HAFMqKAONUWrIi8WbAd
wTZSb4je6gZ3YECp/SGPTl+Se8mRMKWMwXxwNQFVB3NhHL7kJH8QQ2SDLWI+Rped
IV/n97mZXteR3zMKS1sPm8CQNbJ+JQBXmz6d/BbDpF/Xw5XB+S6TCL5CWOcTjHZA
C8QF7dGaQFlZ61tv2MMms6k646dTF+PGYpPuOerW3cqt1LTuhoZNPQ0zfzwsJxNU
g2uqAqoVp+hw
=V+Pb
-----END PGP SIGNATURE-----