Back to dovecot PTS page

Accepted dovecot 1:2.2.27-3+deb9u6 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Aug 2020 12:28:38 -0400
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source
Version: 1:2.2.27-3+deb9u6
Distribution: stretch-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 968302
Changes:
 dovecot (1:2.2.27-3+deb9u6) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
     resource exhaustion as Dovecot attempts to parse it. (Closes: #968302)
   * CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
     message buffer size, which leads to reading past allocation which can lead
     to crash.
   * CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length
     message, which leads to assert-crash later on.
Checksums-Sha1:
 74a598e83f156a5aed6cf46dfe2e46fe0f482af1 3416 dovecot_2.2.27-3+deb9u6.dsc
 f3b7f14efe82e22e6a92e6fd8ccddfce5ea2e316 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz
 e50fe33d6b582c63e32c162e867804e6f25999ca 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo
Checksums-Sha256:
 7061903ec2c3fa5ba087868ed7c577ed3f679866d439b2c2f1eada07cf62d2c8 3416 dovecot_2.2.27-3+deb9u6.dsc
 52ceb32f6e14ff867f9c5200edd553fa161766e00484c26434b00ee485915634 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz
 9f8eaac8a17ea5cae7a03ecd95aedc43c0f526de90233eb3a7a0be1a2b2dffaa 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo
Files:
 699896ddb031894fc6c50f9461e892fc 3416 mail optional dovecot_2.2.27-3+deb9u6.dsc
 671661976b8559941b078268791dbbab 879448 mail optional dovecot_2.2.27-3+deb9u6.debian.tar.xz
 650a5dcb3cb2c2b79e382b46854c5bae 12648 mail optional dovecot_2.2.27-3+deb9u6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl84VRwACgkQLNd4Xt2n
sg/n5hAAlLXn+DyafE0BM/N737V/whNQXCxV4Oo8DgDIVWuYUI0PMvftxmho4fTs
p8WMG/zrWDr0QN2Gn7HW+EbEa3oHHsyMEmg85br6J2Y/kA6ie/m44ZTSMxmIlHKO
U5U6ig0v81ocR8y2DEN9ZHu7zaXYKAooYnnRaE//UMm0rudWc0+bMdjDnn21zVbv
BxnAuDnWQMrvlKNgbA3Ugq8ff+QVwDqr6A249QO8ouY/CLwzQZdVgNdQ2UHJZ7K2
IP1Bwg+uvH1T20vY+qV2eSsri+O9tbEtzROJHpCC23gv9z6LW2nt2jrmiJXkkyOd
KRZIdVq5vlBb5RRiRrhI2slnh0TjLMbX8X+M3hGqVmMjuEyrG7EsDJfNDuoxFnF1
9t/kFb6KYUQDUOeKhg57FCIilstsb60T4kvw44jxvcRSq2BN0WZ3DGjsbDFF+WrP
5zGDfE3Oj8t8cdLVw1dDScHXJ8vRUDlNBWWeUyB+NQVE2si24qF744b6+xVA/+re
nnt1G2EOpC1q0p6MgnFrJJkb/Q6VzAKCDSHOMeK7fu8YmrO74Bd20T7Du50yKV1t
Nr4NpTlsJ38DunbfBuhGkpnrEvtnWAWrT/zOJDn0ognkzvYL06SH2nswhRwY2yXa
HWE17KCNW0w+Mv+bYd5+1oq09sxM2wR9G9R5xYXl0NyHy/lmzVA=
=g4XC
-----END PGP SIGNATURE-----