Accepted dovecot 1:2.2.27-3+deb9u6 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Aug 2020 12:28:38 -0400
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source
Version: 1:2.2.27-3+deb9u6
Distribution: stretch-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dbg - secure POP3/IMAP server - debug symbols
dovecot-dev - secure POP3/IMAP server - header files
dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
dovecot-imapd - secure POP3/IMAP server - IMAP daemon
dovecot-ldap - secure POP3/IMAP server - LDAP support
dovecot-lmtpd - secure POP3/IMAP server - LMTP server
dovecot-lucene - secure POP3/IMAP server - Lucene support
dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
dovecot-mysql - secure POP3/IMAP server - MySQL support
dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
dovecot-sieve - secure POP3/IMAP server - Sieve filters support
dovecot-solr - secure POP3/IMAP server - Solr support
dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 968302
Changes:
dovecot (1:2.2.27-3+deb9u6) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Fix CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it. (Closes: #968302)
* CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can lead
to crash.
* CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length
message, which leads to assert-crash later on.
Checksums-Sha1:
74a598e83f156a5aed6cf46dfe2e46fe0f482af1 3416 dovecot_2.2.27-3+deb9u6.dsc
f3b7f14efe82e22e6a92e6fd8ccddfce5ea2e316 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz
e50fe33d6b582c63e32c162e867804e6f25999ca 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo
Checksums-Sha256:
7061903ec2c3fa5ba087868ed7c577ed3f679866d439b2c2f1eada07cf62d2c8 3416 dovecot_2.2.27-3+deb9u6.dsc
52ceb32f6e14ff867f9c5200edd553fa161766e00484c26434b00ee485915634 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz
9f8eaac8a17ea5cae7a03ecd95aedc43c0f526de90233eb3a7a0be1a2b2dffaa 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo
Files:
699896ddb031894fc6c50f9461e892fc 3416 mail optional dovecot_2.2.27-3+deb9u6.dsc
671661976b8559941b078268791dbbab 879448 mail optional dovecot_2.2.27-3+deb9u6.debian.tar.xz
650a5dcb3cb2c2b79e382b46854c5bae 12648 mail optional dovecot_2.2.27-3+deb9u6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl84VRwACgkQLNd4Xt2n
sg/n5hAAlLXn+DyafE0BM/N737V/whNQXCxV4Oo8DgDIVWuYUI0PMvftxmho4fTs
p8WMG/zrWDr0QN2Gn7HW+EbEa3oHHsyMEmg85br6J2Y/kA6ie/m44ZTSMxmIlHKO
U5U6ig0v81ocR8y2DEN9ZHu7zaXYKAooYnnRaE//UMm0rudWc0+bMdjDnn21zVbv
BxnAuDnWQMrvlKNgbA3Ugq8ff+QVwDqr6A249QO8ouY/CLwzQZdVgNdQ2UHJZ7K2
IP1Bwg+uvH1T20vY+qV2eSsri+O9tbEtzROJHpCC23gv9z6LW2nt2jrmiJXkkyOd
KRZIdVq5vlBb5RRiRrhI2slnh0TjLMbX8X+M3hGqVmMjuEyrG7EsDJfNDuoxFnF1
9t/kFb6KYUQDUOeKhg57FCIilstsb60T4kvw44jxvcRSq2BN0WZ3DGjsbDFF+WrP
5zGDfE3Oj8t8cdLVw1dDScHXJ8vRUDlNBWWeUyB+NQVE2si24qF744b6+xVA/+re
nnt1G2EOpC1q0p6MgnFrJJkb/Q6VzAKCDSHOMeK7fu8YmrO74Bd20T7Du50yKV1t
Nr4NpTlsJ38DunbfBuhGkpnrEvtnWAWrT/zOJDn0ognkzvYL06SH2nswhRwY2yXa
HWE17KCNW0w+Mv+bYd5+1oq09sxM2wR9G9R5xYXl0NyHy/lmzVA=
=g4XC
-----END PGP SIGNATURE-----