-
dovecot (1:2.2.9-1ubuntu2.6) trusty-security; urgency=medium
* SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
- debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
reading oversized fts header in src/plugins/fts/fts-api.c.
- CVE-2019-7524
-- Marc Deslauriers <email address hidden> Fri, 29 Mar 2019 08:03:10 -0400
-
dovecot (1:2.2.9-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: incorrect client certificate validation
- debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
username in src/auth/auth-request.c.
- debian/patches/CVE-2019-3814-2.patch: fail authentication if
certificate username was unexpectedly missing in
src/auth/auth-request-handler.c.
- debian/patches/CVE-2019-3814-3.patch: ensure we get username from
certificate in src/login-common/sasl-server.c.
- CVE-2019-3814
-- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 08:53:54 -0500
-
dovecot (1:2.2.9-1ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
- CVE-2017-14461
* SECURITY UPDATE: TLS SNI config lookups DoS
- debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
- CVE-2017-15130
-- Marc Deslauriers <email address hidden> Tue, 27 Feb 2018 09:31:36 -0500
-
dovecot (1:2.2.9-1ubuntu2.3) trusty-security; urgency=medium
* SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
- debian/patches/CVE-2017-15132.patch: fix memory leak in
auth_client_request_abort() in src/lib-auth/auth-client-request.c.
- debian/patches/CVE-2017-15132-additional.patch: remove request after
abort in src/lib-auth/auth-client-request.c,
src/lib-auth/auth-server-connection.c,
src/lib-auth/auth-serser-connection.h.
- CVE-2017-15132
-- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 12:54:53 -0300
-
dovecot (1:2.2.9-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via SSL connection exhaustion
- debian/patches/CVE-2014-3430.patch: properly close connections in
src/login-common/client-common.c,
src/login-common/ssl-proxy-openssl.c,
src/login-common/ssl-proxy.h.
- CVE-2014-3430
-- Marc Deslauriers <email address hidden> Wed, 14 May 2014 13:14:05 -0400
-
dovecot (1:2.2.9-1ubuntu2) trusty; urgency=medium
* d/dovecot-core.config: Drop db_input for ssl-cert-exists; this message
not actually an error, is documented in the README.Debian, and blocks
automated upgrades (LP: #1278897).
-- James Page <email address hidden> Fri, 07 Mar 2014 12:42:58 +0000
-
dovecot (1:2.2.9-1ubuntu1) trusty; urgency=medium
* Merge from Debian unstable, remaining changes:
+ Add mail-stack-delivery package:
- Update d/rules
- d/control: convert existing dovecot-postfix package to a dummy
package and add new mail-stack-delivery package.
- Update maintainer scripts.
- Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.prerm: Added to handle downgrades.
+ Use Snakeoil SSL certificates by default:
- d/control: Depend on ssl-cert.
- d/dovecot-core.postinst: Relax grep for SSL_* a bit.
+ Add autopkgtest to debian/tests/*.
+ Add ufw integration:
- d/dovecot-core.ufw.profile: new ufw profile.
- d/rules: install profile in dovecot-core.
- d/control: dovecot-core - suggest ufw.
+ d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
+ Add apport hook:
- d/rules, d/source_dovecot.py
+ Add upstart job:
- d/rules, d/dovecot-core.dovecot.upstart, d/control,
d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
d/dovecot-pop3d.{postinst, postrm, prerm}.
d/mail-stack-deliver.postinst: Convert init script to upstart.
+ Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.
* Dropped changes, included in Debian:
- Update Dovecot name to reflect distribution in login greeting.
- Update Drac plugin for >= 2.0.0 support.
* d/control: Drop dovecot-postfix package as its no longer required.
dovecot (1:2.2.9-1) unstable; urgency=low
[ Jaldhar H. Vyas ]
* [77468cf] Imported Upstream version 2.2.9
* [43e08f3] Place dovenull user in its own group. (Closes: #725164)
* [e1a3e9c] Handled the fact that dovecot-db.conf.ext is no longer used.
(Closes: #728107, #730403)
[Debconf translation updates]
* Russian (Yuri Kozlov). (Closes: #729106)
* German (Chris Leick). (Closes: #729358)
* Danish (Joe Hansen). (Closes: #729425)
* French (Julien Patriarca). (Closes: #729966)
* Portuguese (Américo Monteiro). (Closes: #730006)
* Polish (Michał Kułach). (Closes: #730061)
* Italian (Beatrice Torracca). (Closes: #730136)
* Japanese (victory). (Closes: #73017)
* Swedish (Martin Bagge / brother). (Closes: #730188)
* Spanish; (Camaleón). (Closes: #730354)
dovecot (1:2.2.8-1) UNRELEASED; urgency=low
* [6157a2b] New upstream version 2.2.8
dovecot (1:2.2.5-1) experimental; urgency=low
[ Micah Anderson ]
* [a0035bf] New upstream version 2.2.5
* [a053c49] Update pigeonhole patch to 0.4.1
* [689cd67] refreshed patches
[ Jaldhar H. Vyas ]
* Caused bugs and then fixed them again.
dovecot (1:2.1.17-2) unstable; urgency=low
* [e8286e0] New version of drac patch taken from Ubuntu which works better
with 2.x (Closes: #716764)
* [23acb40] Add a patch from Ubuntu to report the distro name in the login
banner why not.
* [f8d566e] Don't need dovecot-common package anymore; get rid of it.
dovecot (1:2.1.17-1) experimental; urgency=low
[ Jaldhar H. Vyas ]
* [fa0d6aa] Re-enable mbox write locking patch to comply with policy 11.6
(Closes: #720502)
* [38691fb] New upstream version (Closes: #719021)
* [1361144] prompts in dovecot-core postinst debconfiscated.
* IN MEMORIAM: Goldy the Goldfish (2000-2013) You were a prince (or
perhaps princess?) among fish and we shall all miss you dearly.
May your karmas merit much punya in future lives.
dovecot (1:2.1.16-1) experimental; urgency=low
* [9741bd8] New Upstream version
* [3476489] Updated pigeonhole patch to 0.3.5
* [d4f236f] Removed some patches which are no longer required.
dovecot (1:2.1.7-8) experimental; urgency=low
* This version is not actually intended for upload. It merely undoes
some changes made for the the wheezy release. Namely, the following
features are back:
- TCP Wrappers support
- Hurd compatibility support
- Triggers.
-- James Page <email address hidden> Wed, 08 Jan 2014 09:35:49 +0000
-
dovecot (1:2.1.7-7ubuntu3) saucy; urgency=low
* Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.
-- Colin Watson <email address hidden> Thu, 10 Oct 2013 11:55:27 +0100