Back to dovecot PTS page

Accepted dovecot 1:2.3.4.1-5+deb10u5 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Dec 2020 15:18:55 -0800
Source: dovecot
Architecture: source
Version: 1:2.3.4.1-5+deb10u5
Distribution: buster-security
Urgency: high
Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Changes:
 dovecot (1:2.3.4.1-5+deb10u5) buster-security; urgency=high
 .
   * Import upstream fix for security issues:
     - CVE-2020-24386 - When imap hibernation is active, an attacker can cause
       Dovecot to discover file system directory structure and access other
       users' emails using specially crafted command. The attacker must have
       valid credentials to access the mail server.
     - CVE-2020-25275 -  Mail delivery / parsing crashed when the 10 000th MIME
       part was message/rfc822 (or if parent was multipart/digest).
Checksums-Sha1:
 56e04cb1af0a6bc47d7defc6307d18de2b7b9492 3400 dovecot_2.3.4.1-5+deb10u5.dsc
 3df91de7fa94587c4236cdcdedbc58db4086f4d1 559776 dovecot_2.3.4.1-5+deb10u5.debian.tar.xz
 68505eb6f54bd90e1e79a57bc8d221ae9ae24208 8419 dovecot_2.3.4.1-5+deb10u5_source.buildinfo
Checksums-Sha256:
 41dc7f7f674d55e3ee16952cebad0cea2322faf929f70f27e58280d9734d63c5 3400 dovecot_2.3.4.1-5+deb10u5.dsc
 6d0dd8738c7b9bf3014e00a6827e9601abcba75248e1c208c3e35eff7c380e53 559776 dovecot_2.3.4.1-5+deb10u5.debian.tar.xz
 0f2ba7e903996ff2b1cebc71004d3ed8f823a9e890d683b35623c172e6d1c41e 8419 dovecot_2.3.4.1-5+deb10u5_source.buildinfo
Files:
 fa7ae7cec977dcc25d51263512975849 3400 mail optional dovecot_2.3.4.1-5+deb10u5.dsc
 c3db6d62719359ce6cbd3a6740a793fb 559776 mail optional dovecot_2.3.4.1-5+deb10u5.debian.tar.xz
 d3e51b5efcfd655e5baa2905118b70b6 8419 mail optional dovecot_2.3.4.1-5+deb10u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE65xaF5r2LDCTz+zyV68+Bn2yWDMFAl/tThIRHG5vYWhtQGRl
Ymlhbi5vcmcACgkQV68+Bn2yWDOc+xAAvBEwBNqoDG4XR/DN4twwoaum1dlONl8d
Ugmpfk+K2SD5FQyHfDCXWhUko5x3l697S1g04kferKFOsoWS1h9IsNP9SqWYb70G
gh14VnUmv1PTnxEvgPKMsc8YTETR600jKgEgAL4vNklz585ka+JqfJkx/S5bRNQQ
57zq112/EBuxJPzj6KgJu0o/BKg2s6uJX+9ZBg1V94PEuXWNAOc0jsOQD8Qwkmt6
Ch6lgqGRyIJCFZCWFPJzJkfMfDex2W6fmlYXCU1dQnKwocMkoAKrDW3En2+8Ufr7
XrER9tg9pW/68KNLTGCwFeh7APMUVj28zoMAi0Tw1IJ95Pvny2e9tT2uXGBqIYVB
RlyMS7T5BLrQFAfQo7gxaX5MdNGwN/I383ABbVHFypiFQVv0wT9g85Eo2tjgOdvH
NgrLxQuN5AFaXMcaf65RiHJcMZxcWgbbqwLw/40BGmrV3W7BXHql3aPZODatg6iI
SlDITGkHZgRBZ/uZnBNaCW4ENu+hLIYVIE0WkKuzPivkgZA901BnX6yUmRWQC+K/
liTR5Vx8emqyk5DMeEiOBSt3oiVMCFNLVyjPI5bjcEOIlfaMXFyOCLhf5INHjM9t
yU38LgEOnzs2HSR0LUbgsVc70Ir+cJgzOtpk8aCxiqVjW9erUSglQ3N+bhLLK56p
CiNs87PXc4A=
=NtN6
-----END PGP SIGNATURE-----