dovecot 1:2.2.13-12~deb8u3 source package in Debian
Changelog
dovecot (1:2.2.13-12~deb8u3) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Revert "auth: Do not double-expand key in passdb dict when authenticating
(CVE-2017-2669)"
This reverts the applied patch which resulted in no longer interpreting
placeholders in the keys even once with dict-based userdb or passdb.
The actual vulnerability was introduced later with "auth-db-dict: Allow
key name expansion" in 2.2.26.
Thanks to Nick Thomas <email address hidden> and Aki Tuomi <email address hidden>
-- Salvatore Bonaccorso <email address hidden> Tue, 11 Apr 2017 09:25:59 +0200
Upload details
- Uploaded by:
- Jaldhar H. Vyas
- Uploaded to:
- Jessie
- Original maintainer:
- Jaldhar H. Vyas
- Architectures:
- any
- Section:
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| dovecot_2.2.13-12~deb8u3.dsc | 3.3 KiB | f2e11d0735258596e3adee992eaf98709a3f95b135f0513ae6d8bab9e55e97c6 |
| dovecot_2.2.13.orig.tar.gz | 4.4 MiB | 133cf3d2aa81733f6688ec986c91dbe07602fad81e856ba3d8046ffca85d9dce |
| dovecot_2.2.13-12~deb8u3.debian.tar.xz | 718.7 KiB | 180a9a609771e91132e319c17bab612983104158ba5d378e418b1f21634331e9 |
No changes file available.
