Debian Bug report logs - #627443
CVE-2011-1929

version graph

Package: dovecot; Maintainer for dovecot is Dovecot Maintainers <jaldhar-dovecot@debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 20 May 2011 16:45:08 UTC

Severity: grave

Tags: security

Found in version 1:1.2.15-4

Fixed in versions dovecot/1:2.0.13-1, dovecot/1:1.2.15-7

Done: Marco Nenciarini <mnencia@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#627443; Package dovecot. (Fri, 20 May 2011 16:45:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>. (Fri, 20 May 2011 16:45:11 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-1929
Date: Fri, 20 May 2011 18:44:46 +0200
Package: dovecot
Severity: grave
Tags: security

Hi Dovecot maintainers,
CVE-2011-1929 was assigned to the following issue fixed in
1.2.17 and 2.0.13:

| Fixed potential crashes and other problems when parsing
| header names that contained NUL characters.

http://dovecot.org/pipermail/dovecot/2011-May/059085.html
http://dovecot.org/pipermail/dovecot/2011-May/059086.html

Patch:
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c

Could you contact upstream wrt the exact impact? What is
being crashed here, can someone only crash a delivery
thread or can the whole IMAP server be crashed through
malformed mail messages? In the latter case we should
release a DSA.

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#627443; Package dovecot. (Fri, 20 May 2011 17:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Marco Nenciarini <mnencia@prato.linux.it>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>. (Fri, 20 May 2011 17:57:08 GMT) Full text and rfc822 format available.

Message #10 received at 627443@bugs.debian.org (full text, mbox):

From: Marco Nenciarini <mnencia@prato.linux.it>
To: Moritz Muehlenhoff <jmm@debian.org>, 627443@bugs.debian.org
Subject: Re: Bug#627443: CVE-2011-1929
Date: Fri, 20 May 2011 19:46:24 +0200
[Message part 1 (text/plain, inline)]
On 20/05/2011 18:44, Moritz Muehlenhoff wrote:
> Package: dovecot
> Severity: grave
> Tags: security
> 
> Hi Dovecot maintainers,
> CVE-2011-1929 was assigned to the following issue fixed in
> 1.2.17 and 2.0.13:
> 
> | Fixed potential crashes and other problems when parsing
> | header names that contained NUL characters.

I plan the upload of 2.0.13 for tomorror.

Regards,
Marco

-- 
---------------------------------------------------------------------
|    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
| mnencia@prato.linux.it | http://www.prato.linux.it/~mnencia       |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#627443; Package dovecot. (Fri, 20 May 2011 19:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Timo Sirainen <tss@iki.fi>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>. (Fri, 20 May 2011 19:06:03 GMT) Full text and rfc822 format available.

Message #15 received at 627443@bugs.debian.org (full text, mbox):

From: Timo Sirainen <tss@iki.fi>
To: Moritz Muehlenhoff <jmm@debian.org>, 627443@bugs.debian.org
Subject: Re: Bug#627443: CVE-2011-1929
Date: Fri, 20 May 2011 21:41:35 +0300
On Fri, 2011-05-20 at 18:44 +0200, Moritz Muehlenhoff wrote:

> | Fixed potential crashes and other problems when parsing
> | header names that contained NUL characters.
> 
> Could you contact upstream wrt the exact impact? What is
> being crashed here, can someone only crash a delivery
> thread or can the whole IMAP server be crashed through
> malformed mail messages? In the latter case we should
> release a DSA.

It doesn't necessarily crash, just output some garbage, because the
basic problem is that it's reading a buffer past its used size. The
problematic parts are:

1) With mbox format it looks like it could be crashing/corrupting output
whenever reading/saving mails.

2) With non-mbox format there are only IMAP SEARCH and FETCH
HEADER[FIELDS...] commands that can cause crash/corruption.

3) Except with v2.0 if using external dbox attachment storage it can
also cause some crash/corruption.

Originally I was also hoping SMTP servers to drop any NULs in header
names, but looks like at least Postfix happily preserves them.






Information forwarded to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#627443; Package dovecot. (Fri, 20 May 2011 20:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Marco Nenciarini <mnencia@prato.linux.it>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>. (Fri, 20 May 2011 20:33:06 GMT) Full text and rfc822 format available.

Message #20 received at 627443@bugs.debian.org (full text, mbox):

From: Marco Nenciarini <mnencia@prato.linux.it>
To: Moritz Muehlenhoff <jmm@debian.org>, 627443@bugs.debian.org
Subject: Re: Bug#627443: CVE-2011-1929
Date: Fri, 20 May 2011 22:28:54 +0200
[Message part 1 (text/plain, inline)]
On 20/05/2011 18:44, Moritz Muehlenhoff wrote:
> Package: dovecot
> Severity: grave
> Tags: security
> 
> Hi Dovecot maintainers,
> CVE-2011-1929 was assigned to the following issue fixed in
> 1.2.17 and 2.0.13:
>
> | Fixed potential crashes and other problems when parsing
> | header names that contained NUL characters.
> 
> http://dovecot.org/pipermail/dovecot/2011-May/059085.html
> http://dovecot.org/pipermail/dovecot/2011-May/059086.html
> 
> Patch:
> http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
> 

I've just realized that also the stable version is affected.
Tomorow I'll prepare the update on package's repository.

Regards,
Marco

-- 
---------------------------------------------------------------------
|    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
| mnencia@prato.linux.it | http://www.prato.linux.it/~mnencia       |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4


[signature.asc (application/pgp-signature, attachment)]

Reply sent to Marco Nenciarini <mnencia@debian.org>:
You have taken responsibility. (Sun, 22 May 2011 22:36:06 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 22 May 2011 22:36:06 GMT) Full text and rfc822 format available.

Message #25 received at 627443-close@bugs.debian.org (full text, mbox):

From: Marco Nenciarini <mnencia@debian.org>
To: 627443-close@bugs.debian.org
Subject: Bug#627443: fixed in dovecot 1:2.0.13-1
Date: Sun, 22 May 2011 22:32:30 +0000
Source: dovecot
Source-Version: 1:2.0.13-1

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive:

dovecot-common_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-common_2.0.13-1_amd64.deb
dovecot-dbg_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-dbg_2.0.13-1_amd64.deb
dovecot-dev_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-dev_2.0.13-1_amd64.deb
dovecot-gssapi_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-gssapi_2.0.13-1_amd64.deb
dovecot-imapd_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-imapd_2.0.13-1_amd64.deb
dovecot-ldap_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-ldap_2.0.13-1_amd64.deb
dovecot-lmtpd_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-lmtpd_2.0.13-1_amd64.deb
dovecot-managesieved_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-managesieved_2.0.13-1_amd64.deb
dovecot-mysql_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-mysql_2.0.13-1_amd64.deb
dovecot-pgsql_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-pgsql_2.0.13-1_amd64.deb
dovecot-pop3d_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-pop3d_2.0.13-1_amd64.deb
dovecot-sieve_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-sieve_2.0.13-1_amd64.deb
dovecot-sqlite_2.0.13-1_amd64.deb
  to main/d/dovecot/dovecot-sqlite_2.0.13-1_amd64.deb
dovecot_2.0.13-1.debian.tar.gz
  to main/d/dovecot/dovecot_2.0.13-1.debian.tar.gz
dovecot_2.0.13-1.dsc
  to main/d/dovecot/dovecot_2.0.13-1.dsc
dovecot_2.0.13.orig.tar.gz
  to main/d/dovecot/dovecot_2.0.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 627443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco Nenciarini <mnencia@debian.org> (supplier of updated dovecot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 May 2011 23:58:06 +0200
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-dbg
Architecture: source amd64
Version: 1:2.0.13-1
Distribution: unstable
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org>
Changed-By: Marco Nenciarini <mnencia@debian.org>
Description: 
 dovecot-common - secure mail server that supports mbox, maildir, dbox and mdbox ma
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-gssapi - GSSAPI authentication support for Dovecot
 dovecot-imapd - secure IMAP server that supports mbox, maildir, dbox and mdbox ma
 dovecot-ldap - LDAP support for Dovecot
 dovecot-lmtpd - secure LMTP server for Dovecot
 dovecot-managesieved - secure ManageSieve server for Dovecot
 dovecot-mysql - MySQL support for Dovecot
 dovecot-pgsql - PostgreSQL support for Dovecot
 dovecot-pop3d - secure POP3 server that supports mbox, maildir, dbox and mdbox ma
 dovecot-sieve - sieve filters support for Dovecot
 dovecot-sqlite - SQLite support for Dovecot
Closes: 627443
Changes: 
 dovecot (1:2.0.13-1) unstable; urgency=high
 .
   [ Marco Nenciarini ]
   * [8af9e4d] New upstream version 2.0.13:
       + Added "doveadm index" command to add unindexed messages into
         index/cache. If full text search is enabled, it also adds unindexed
         messages to the fts database.
       + added "doveadm director dump" command.
       + pop3: Added support for showing messages in "POP3 order", which can
         be different from IMAP message order. This can be useful for
         migrations from other servers. Implemented it for Maildir as 'O'
         field in dovecot-uidlist.
       - doveconf: Fixed a wrong "subsection has ssl=yes" warning.
       - mdbox purge: Fixed wrong warning about corrupted extrefs.
       - sdbox: INBOX GUID changed when INBOX was autocreated, leading to
         trouble with dsync.
       - script-login binary wasn't actually dropping privileges to the
         user/group/chroot specified by its service settings.
       - Fixed potential crashes and other problems when parsing header names
         that contained NUL characters. (CVE-2011-1929)
     (Closes: #627443)
Checksums-Sha1: 
 a81bdc5e0e8141ae0c6fdf1231b7a43f533b9843 1691 dovecot_2.0.13-1.dsc
 31d556bd1659fb10e5edb45bab8951911151bbfb 3272542 dovecot_2.0.13.orig.tar.gz
 5e212346a84acf82f47cf7609458a425724eff7e 989015 dovecot_2.0.13-1.debian.tar.gz
 1b5a958a1e6853ba080ddb722130f3019b1b277e 2178118 dovecot-common_2.0.13-1_amd64.deb
 e3502178af40224a51b45dfabf0d4e8dad9633c3 440930 dovecot-dev_2.0.13-1_amd64.deb
 c30577256591283c9ebb186cb6e48a850a1c800c 316178 dovecot-imapd_2.0.13-1_amd64.deb
 752455fbdaf985dd85e5ab2f5f6f58cfb26ce993 256316 dovecot-pop3d_2.0.13-1_amd64.deb
 021d81c5660457cd1fc51e5fbb9dd4401f351f68 248996 dovecot-lmtpd_2.0.13-1_amd64.deb
 cca511fa89690189c6e2b6d17be8455b5c8b8d0d 283420 dovecot-managesieved_2.0.13-1_amd64.deb
 eb890c67d04c7ffe3408cbd094727a02a5d59ae6 241692 dovecot-pgsql_2.0.13-1_amd64.deb
 07f523bcf308c04391620176b00338c3992ce1ed 238616 dovecot-mysql_2.0.13-1_amd64.deb
 8cf279db43666d43dd846248c9ffecf4e1772a92 236986 dovecot-sqlite_2.0.13-1_amd64.deb
 3ed129ba6597819601800e2e6b9241ec103f0bb7 250606 dovecot-ldap_2.0.13-1_amd64.deb
 5040ad59e486d23e0b3a95bb628ccb528020e409 237284 dovecot-gssapi_2.0.13-1_amd64.deb
 51eb36f853b7705b14dbf8144e422a942dac4def 452602 dovecot-sieve_2.0.13-1_amd64.deb
 a0d05ea50bba52e4dd7f725b8150f09a25b04b48 5269124 dovecot-dbg_2.0.13-1_amd64.deb
Checksums-Sha256: 
 58da9f78f3aa2e3817643d42ddd141d21423de01a63dc7c9e22eb3380d99d4b1 1691 dovecot_2.0.13-1.dsc
 2b512263ec05bbd74cde5c697ad12250d9268eba1c8ce4a8144adea69308675d 3272542 dovecot_2.0.13.orig.tar.gz
 e4741a3d86e26fd698eeee8ca68b6f2e7716b87a7b37de633e40f45288a90cb0 989015 dovecot_2.0.13-1.debian.tar.gz
 f31d1eba13842e62a76e3ba440bdcf061bbfc38ee2b0f20850886d45b2adc495 2178118 dovecot-common_2.0.13-1_amd64.deb
 1893e10c3ec85d9326f76f6b179845f0c1d807642360abc7d4e180a6c7e1327b 440930 dovecot-dev_2.0.13-1_amd64.deb
 ddc9be8074fbb8578acc4f6def9304ece3dcd6315ebb70dbd09f232dfd7a1a1d 316178 dovecot-imapd_2.0.13-1_amd64.deb
 b70c7bcf50f348285d2bc6a41c4b4de7a8694a9c9afacb3e58396c19b37fa712 256316 dovecot-pop3d_2.0.13-1_amd64.deb
 1d457ebf2bcc5df6ed4603abc0056ef4955251b4efbd36e981c7e83d52c5e3ee 248996 dovecot-lmtpd_2.0.13-1_amd64.deb
 a76e3744a0f6526736181d24ea2ff02d8c91a60b3790a65ea6acf3212d8c4737 283420 dovecot-managesieved_2.0.13-1_amd64.deb
 7abd66f5b34fa9ce4680faf80a06de9a7e24db5b6857cb0d442fa9a4165c93ae 241692 dovecot-pgsql_2.0.13-1_amd64.deb
 64f993ad1f12f63e641949d6c86136ec6ae086a8117e9987c4a5aed58c8d4497 238616 dovecot-mysql_2.0.13-1_amd64.deb
 bbc3d503f3bf68c6c11a788fbcee1ac0271016eb20fa48374f355a9ae2d1ad95 236986 dovecot-sqlite_2.0.13-1_amd64.deb
 d40aad8f154f562dee441e46da4fd108cc5cbee32ee6ee0e0f3fa4785d631594 250606 dovecot-ldap_2.0.13-1_amd64.deb
 9ea2367b954aafd3bdeb59a495976bad3ac15972bd9f9ab2b221f5b062a82517 237284 dovecot-gssapi_2.0.13-1_amd64.deb
 7cdf0104b17c2f56daa0dbd2b2d11a1b4122b4617daf3e43f08d4cf9c811276c 452602 dovecot-sieve_2.0.13-1_amd64.deb
 1ca82ded9724fbe21874123d1928cc9022a0d76350bc07c985fae48dd5ea795b 5269124 dovecot-dbg_2.0.13-1_amd64.deb
Files: 
 fa9a75286d1f0a08c6b89aa66a8bc3b5 1691 mail optional dovecot_2.0.13-1.dsc
 fd8a0702275a61332db7353dadff0f92 3272542 mail optional dovecot_2.0.13.orig.tar.gz
 fba89d8f122e872117eaef62a96e3eff 989015 mail optional dovecot_2.0.13-1.debian.tar.gz
 9e2223ca8b17c130ca2f0ac243c6b7e8 2178118 mail optional dovecot-common_2.0.13-1_amd64.deb
 1d7bc098426ec62eea3ed0c81177284e 440930 mail optional dovecot-dev_2.0.13-1_amd64.deb
 9324af8829cd8f090b67489786938ebb 316178 mail optional dovecot-imapd_2.0.13-1_amd64.deb
 b4af9d09c93074353392f92ef3778486 256316 mail optional dovecot-pop3d_2.0.13-1_amd64.deb
 1e71bdd584901da936df51f2f6cd2fb9 248996 mail optional dovecot-lmtpd_2.0.13-1_amd64.deb
 93af583f6ccf232c84ca7e19250a5c5d 283420 mail optional dovecot-managesieved_2.0.13-1_amd64.deb
 10547b4dcbd60202fe3150283a7b0d21 241692 mail optional dovecot-pgsql_2.0.13-1_amd64.deb
 31cd2f5c860790a1ed571b03b4f03895 238616 mail optional dovecot-mysql_2.0.13-1_amd64.deb
 4be9117fc16a0b50c4125a0e3d2954d2 236986 mail optional dovecot-sqlite_2.0.13-1_amd64.deb
 7d11688453215a419078cf0ae093f76b 250606 mail optional dovecot-ldap_2.0.13-1_amd64.deb
 90fc683f6f2626593c75ebfa9f0dff87 237284 mail optional dovecot-gssapi_2.0.13-1_amd64.deb
 78a0282d7443542194bede3a895600ee 452602 mail optional dovecot-sieve_2.0.13-1_amd64.deb
 7138638d83d23a6184e4e5ffd956eaa1 5269124 debug extra dovecot-dbg_2.0.13-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3Zi0YACgkQaGRzDfCV5eS9oQCcC6pvhlvSdra5/uYLUuJAyfr7
x2YAniXKzYHQGcpe/9MW/iu2KzrXnABw
=eesT
-----END PGP SIGNATURE-----





Bug Marked as found in versions 1:1.2.15-4. Request was from Jan Niehusmann <jan@gondor.com> to control@bugs.debian.org. (Fri, 27 May 2011 11:00:14 GMT) Full text and rfc822 format available.

Reply sent to Marco Nenciarini <mnencia@debian.org>:
You have taken responsibility. (Thu, 06 Oct 2011 01:57:03 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 06 Oct 2011 01:57:03 GMT) Full text and rfc822 format available.

Message #32 received at 627443-close@bugs.debian.org (full text, mbox):

From: Marco Nenciarini <mnencia@debian.org>
To: 627443-close@bugs.debian.org
Subject: Bug#627443: fixed in dovecot 1:1.2.15-7
Date: Thu, 06 Oct 2011 01:55:46 +0000
Source: dovecot
Source-Version: 1:1.2.15-7

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive:

dovecot-common_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-common_1.2.15-7_amd64.deb
dovecot-dbg_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-dbg_1.2.15-7_amd64.deb
dovecot-dev_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-dev_1.2.15-7_amd64.deb
dovecot-imapd_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-imapd_1.2.15-7_amd64.deb
dovecot-pop3d_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-pop3d_1.2.15-7_amd64.deb
dovecot_1.2.15-7.debian.tar.gz
  to main/d/dovecot/dovecot_1.2.15-7.debian.tar.gz
dovecot_1.2.15-7.dsc
  to main/d/dovecot/dovecot_1.2.15-7.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 627443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco Nenciarini <mnencia@debian.org> (supplier of updated dovecot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 May 2011 10:08:30 +0200
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-dbg
Architecture: source amd64
Version: 1:1.2.15-7
Distribution: stable-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org>
Changed-By: Marco Nenciarini <mnencia@debian.org>
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
Closes: 622384 627443
Changes: 
 dovecot (1:1.2.15-7) stable-security; urgency=high
 .
   * [2ffd812] Lifted Build-Conflicts with ancient linux-kernel-headers
     (Closes: #622384)
 .
 dovecot (1:1.2.15-6) stable-security; urgency=high
 .
   * Rebuilt in a clean squeeze environment, no changes.
 .
 dovecot (1:1.2.15-5) stable-security; urgency=high
 .
   * [feae144] Fixed potential crashes and other problems when parsing
     header names that contained NUL characters. (CVE-2011-1929)
     (Closes: #627443)
Checksums-Sha1: 
 b68551c57ec82349ca160aa84f3367dfe7f23845 2208 dovecot_1.2.15-7.dsc
 24d6b7588aa207e4e54c4afa154b72ac4c3d365b 1498403 dovecot_1.2.15-7.debian.tar.gz
 3d6214237b840729c50d3e0f0c57a4e678d478c3 5512336 dovecot-common_1.2.15-7_amd64.deb
 e0cfaa672ae5edbbbeb06d57fc1b1649c1e3452a 658688 dovecot-dev_1.2.15-7_amd64.deb
 5c79e0b79865217b2fc1c45541d62a4a639a4b34 1177652 dovecot-imapd_1.2.15-7_amd64.deb
 40ee0ae260a3c89296867da96bfaa1cd29682c27 1073328 dovecot-pop3d_1.2.15-7_amd64.deb
 83b695c61203a19b3c6d03f3443d678c1e48382e 15064550 dovecot-dbg_1.2.15-7_amd64.deb
Checksums-Sha256: 
 c58128627d87383635dff60d644bfe06b980ac8257a6511f89d6324bc19f040a 2208 dovecot_1.2.15-7.dsc
 ee031d237f3d4f80ba84c11f92607aad696228007a2f3ba4b656815d1b24096e 1498403 dovecot_1.2.15-7.debian.tar.gz
 2189c38f2edb69b5b22ebf24a7d2a7c498ace8fcb586135db77e0e89ea31a328 5512336 dovecot-common_1.2.15-7_amd64.deb
 5cfdc027f8b8a2934fe81809dc385685def3669b5a113a43651418f086c2e024 658688 dovecot-dev_1.2.15-7_amd64.deb
 66d122c8c6afd30a20aafd0b908193a42e99d132a50bac903b7de1dd9d19707e 1177652 dovecot-imapd_1.2.15-7_amd64.deb
 6b67ed16a7ea50067d0b2d59e19a261077a832b65f8cf09765b580f94a376e38 1073328 dovecot-pop3d_1.2.15-7_amd64.deb
 5a003e89e460f8709126680f230c0df1ab93eefcc6887629a52f374605637a74 15064550 dovecot-dbg_1.2.15-7_amd64.deb
Files: 
 a0683e2fc190f3163b61593ae414cd2c 2208 mail optional dovecot_1.2.15-7.dsc
 90ba20465d1663701a7d136173325416 1498403 mail optional dovecot_1.2.15-7.debian.tar.gz
 a518b5864d8812c4165123e82a04144c 5512336 mail optional dovecot-common_1.2.15-7_amd64.deb
 d59e99ccf2adf2c8376d8ea8702f8ed7 658688 mail optional dovecot-dev_1.2.15-7_amd64.deb
 78316adbc53e5f7c26143ce10f0321ef 1177652 mail optional dovecot-imapd_1.2.15-7_amd64.deb
 9193fb9487a3a37ea64d80ab2f230dd8 1073328 mail optional dovecot-pop3d_1.2.15-7_amd64.deb
 b3c99bbd9869ef02357f20f53773e695 15064550 debug extra dovecot-dbg_1.2.15-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJOjLM1AAoJEMXOXcLFQs1ZqwAP/A5V9WCdNtyiaqSkYDxXag4E
F/VXGAMqip2+9o3ZMhfzyhu07NUOp9HyU+be0+n9+5AqxLzA1HErwpPWRxv4oqfb
dnxp8LYMnr70y87gx0VdnH+dQ7Rr+V46GeaJK8OVTA9qDFTeXoFKMykXgGt+Wev+
XbgaCBm4HevT4yhQHCeyfRoyuoANkWRkzLn0vpUbxsxPKJLeWuTFnD1sX9x810hf
k9tff7TkXfLMspWo1IwZrt8CkK6J1guIZVDIqALyJhBiDTzF1somGX1Ofc31u0IR
yb7DnHS6bD/br+mfO4syErp9TIuak9Fn134GuXXOXmWhjF7qp09u0CGmtJMx21CK
n/M4PqCYzygtr+FQFA0SwXLL1heyhlO1tkmj9Uwwxr0hzBlaR92hDDVjOzcFXctZ
6mj3soBd9t6jHMQ0FqNm+sxIb/CHX4hhmUfCNsfbrSsk6liIQXSxCkHRJkKp77kn
cZbDZ0JsCZm1IyF2qNY+CLCONu8TND9I077iTrfe8LyQYhYwOtpL/YntWBvmFEiw
BKr1du1EqxJmT6ZVf3KwqFj2cATcwtfeXXfWmZIR1p89t6yTxqWXTfNy35zehju1
0eix2c/TDJxos153p7DLiiYldsF0FxYsR7qauTbGaLfLT7UC68l1YE+GjbnKYeD3
jYROoUMGCLK6I3N6fnHH
=vFXU
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 03 Nov 2011 07:35:47 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:49:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.