-
dovecot (1:2.3.13+dfsg1-2+deb11u1) bullseye; urgency=medium
* [4b5dac8] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351)
* [597ba7f] salsa-ci: build with bullseye
-- Noah Meyerhans <email address hidden> Sun, 31 Jul 2022 17:47:06 -0700
-
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
* Import upstream fixes for security issues (Closes: #990566):
- CVE-2021-29157: Path traversal issue allowing an attacker with
access to the local filesystem can trick OAuth2 authentication into
using an HS256 validation key from an attacker-controlled location
- CVE-2021-33515: Sensitive information could be redirected to an
attacker-controlled address because of a STARTTLS command injection
bug in the submission service
-- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700
-
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [6829237] New upstream version 2.3.13 (Closes: #979363)
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-25275: MIME parsing crashes with particular messages
* [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
* [5956798] Rebase patches
* [2cb63c3] Bump to standards version 4.5.1 (no further changes)
* [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
* [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
false-positives
* [dde9c94] Handle removed configuration file in postinst
[ Pino Toscano ]
* [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
(Closes: #951869)
[ Helmut Grohne ]
* [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
-- Noah Meyerhans <email address hidden> Mon, 25 Jan 2021 15:38:17 -0800
