-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Aug 2019 10:54:21 +0200 Source: dovecot Architecture: source Version: 1:2.3.4.1-5+deb10u1 Distribution: buster-security Urgency: high Maintainer: Dovecot Maintainers <dovecot@packages.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: dovecot (1:2.3.4.1-5+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2019-11500 - lib-imap: Don't accept strings with NULs - lib-imap: Make sure str_unescape() won't be writing past allocated memory - lib-managesieve: Don't accept strings with NULs - lib-managesieve: Make sure str_unescape() won't be writing past allocated memory Checksums-Sha1: 76fa79c441f8d5400537589275a49dabb81d5db9 3495 dovecot_2.3.4.1-5+deb10u1.dsc 742c8d3c043723c5da9e07944214068689a89556 6925073 dovecot_2.3.4.1.orig.tar.gz bce32e05caf10e51af35344bf8e7b84b0e2542a9 534468 dovecot_2.3.4.1-5+deb10u1.debian.tar.xz Checksums-Sha256: 9bf241b1e1aff492dac108af0eb1eb2124a9cefa9ade341f5f0bcdeafe759e30 3495 dovecot_2.3.4.1-5+deb10u1.dsc b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07 6925073 dovecot_2.3.4.1.orig.tar.gz 77e2419b04a84edd13cbf68a65f83c3e8e23e949d3ab3990c8d4caff93833d85 534468 dovecot_2.3.4.1-5+deb10u1.debian.tar.xz Files: 4e03afa08ec26cf919d40187eb0d4fe7 3495 mail optional dovecot_2.3.4.1-5+deb10u1.dsc b5144d8a7e81833428320a2c32a265d2 6925073 mail optional dovecot_2.3.4.1.orig.tar.gz 3637a13668e33d6f7fef068b16439a1e 534468 mail optional dovecot_2.3.4.1-5+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1jnpFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EwqcP/j8csW2p99ZdrnAsEBiw2ScAA1g0jm1n YWMI0w3GThAzhphkTZb5QxDvNCIQ+Xs+pkO2QHxZ1wASWnksK4yZkFAQePVM8CqN l6hehbWFwcXbV0Ygd837jvp+z/V5sbVifGKi1k9epQcghhw2u1IyKGmxGY4DhjHh u0l2TJQ3TRDDAbaTy7V1nruW5uYeJQf5QBwGtZY4EkGrh3bzpL9tUKoHp543UK9F 8LDrs734ye4HLh4etFNW1YmBMvIOR0tNMDOKxKVo6rr+kM7mXEZhCxEzE/jI8gJW FT6R4dHI9Z4oBjIKnL6wZBiUamroJnCGelgkvpg1Uep1nRKRsfPgku8PxHb7mmmU rT7SLa+B7HCjijQuanTs8DCl0ZwN34KgJjQZyAXqe74mlsxKdZEPFE1Zb01dl4Ns 9It/Kk0Fw3kiAjJTUpCu/mnfV477K4F70wRvkqvTD+vm49NXgobO24YyNvgJRs5Y 1pq2JNVisxuTZ2yaQaylTI2Y+KIIR2Mor8P5AE/91VEgxM7m45MSObHew3HtmIgA xUHSaiHUhKSJzel2X36A/aOl/muv8jDOrjpjpdkdYctW9LjMCN+C5ja7QovlcQ7s PzX5zfwDEfe7vimU5wTT04Mwdw/V8sqeT4h8pOylv6nvxVutUHpJe+O71d7f/ftd O27XIYducKRC =Eq0K -----END PGP SIGNATURE-----