-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Aug 2019 23:48:11 +0300 Source: dovecot Architecture: source Version: 1:2.3.4.1-5+deb10u1~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Dovecot Maintainers <dovecot@packages.debian.org> Changed-By: Apollon Oikonomopoulos <apoikos@debian.org> Closes: 928235 Changes: dovecot (1:2.3.4.1-5+deb10u1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . dovecot (1:2.3.4.1-5+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2019-11500 - lib-imap: Don't accept strings with NULs - lib-imap: Make sure str_unescape() won't be writing past allocated memory - lib-managesieve: Don't accept strings with NULs - lib-managesieve: Make sure str_unescape() won't be writing past allocated memory . dovecot (1:2.3.4.1-5) unstable; urgency=medium . * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235) - submission-login: fix null pointer dereference when client disconnects during authentication (CVE-2019-11494) - submission-login: fix assert-crash when receiving an invalid authentication message over TLS (CVE-2019-11499) Checksums-Sha1: e43d7364cd14f1a3ef344b40146645d3944ce725 3621 dovecot_2.3.4.1-5+deb10u1~bpo9+1.dsc 4bfd121fe5470be6883759fb7e45272f3f8c702b 534608 dovecot_2.3.4.1-5+deb10u1~bpo9+1.debian.tar.xz 660ab11e41a5d131e21137a8fe4cfa597d02499e 9227 dovecot_2.3.4.1-5+deb10u1~bpo9+1_source.buildinfo Checksums-Sha256: 2baa3902d78c822a36169a6d05f175d025fd78c36e4055e485438e2ea7360343 3621 dovecot_2.3.4.1-5+deb10u1~bpo9+1.dsc 53c63f853cb3ed3fc6b282a0c52ffc0df000f1578016597e621242a0432a070e 534608 dovecot_2.3.4.1-5+deb10u1~bpo9+1.debian.tar.xz dce148459f009190f070bd43519a4c1263cf051290f20650c00485f19170fd04 9227 dovecot_2.3.4.1-5+deb10u1~bpo9+1_source.buildinfo Files: 59915c0890aaba241377cd1eef643bbb 3621 mail optional dovecot_2.3.4.1-5+deb10u1~bpo9+1.dsc 074557593f61fb66692f5599ee9d3282 534608 mail optional dovecot_2.3.4.1-5+deb10u1~bpo9+1.debian.tar.xz cb87c155b99530247a0ce9f2686a0240 9227 mail optional dovecot_2.3.4.1-5+deb10u1~bpo9+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAl1npbAACgkQ9RsYxyAk giSAyw//YTP9nmCfs7hP3uRcNCHCKOUP5cdP23U3kFU03fn7K8VJxEvcvpHPfU6S VzK1N361z+Gh8NAIKe3YDXp8KepdYKsRb5qZINFA8q08ONyJp5R2w0NCZTtCNaaJ KkNABu9TUTUa9xouQPUw5C+gloZvFttmkkoa05ENjQ4mSzke+7Oj9AKwBXd1nxuV cwUd0x2ecFm8tIPWggPuDgi4c8w/x21VhPbAfXU0a/R4usV6SEyVKIKKLb68GJxa TBk295zMvLTDDFcENJvBw99MEONnTe+1O2nEFwH8b/1SsGDDvd5lIRmJY5rHWsdW +zKkzH+cVwNkdoe26Kdcswg+lUexS0W8x2IrG2faNRqZjsSfFMMXIH6iQnpITrzL lrnEMLe+vIg7CK2l22Wykfvlpbhgv91BPICakTL5aYrtgUf8BFXLThtk2fGad6yR u2t4P40/obbE6zwxGaBAZoZoqexEndklz7h9ErIonPbCmS9n5qZL96GQGOaVsH/O JBsyCLzYkFgXoCU049c9Bipl7oTbH1VKF6WL6hg2WzeAbpFidKLakXji50hzT1X9 Kx7Z4ACNWNky4qpgGVLhaqDpgOsLjd1X9xtCDFfvwRHhVDctNQGIz2yNKLM7vwuK 6PUt8JLg81dWuIHK8Z06L95vDmXeKc6wGHF17ZlKIMJo5R1cF0M= =AeOp -----END PGP SIGNATURE-----