-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Aug 2020 16:21:24 -0700 Source: dovecot Architecture: source Version: 1:2.3.11.3+dfsg1-1 Distribution: unstable Urgency: high Maintainer: Dovecot Maintainers <dovecot@packages.debian.org> Changed-By: Noah Meyerhans <noahm@debian.org> Closes: 968302 Changes: dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high . * New upstream release fixes security issues (Closes: #968302) - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. * Add libcap-dev to build-dependencies to support dropping linux capabilities. Checksums-Sha1: 0d8377d47def44b0c96e02f9aca91bf4862d26f4 3980 dovecot_2.3.11.3+dfsg1-1.dsc 24320f66d1b7dacf88e72bc941647e8bb65f1a70 1582932 dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz 4a094ae503ded8ccea97cc06680fbb2e0f9c3171 7353412 dovecot_2.3.11.3+dfsg1.orig.tar.gz b2a229e4fcd7df6b3e8bdcaf7b58f174069c8df6 866 dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc f1b6fefca1e22c9397d5708307d73ae62860b90d 60412 dovecot_2.3.11.3+dfsg1-1.debian.tar.xz 8cc56df2aae07cb936967ceaf4f0316e312ff8b1 7777 dovecot_2.3.11.3+dfsg1-1_source.buildinfo Checksums-Sha256: 84df09ca5b96968daf4b0e3df31c2c5a2e0733f27b2c25b83d2708dcf346878d 3980 dovecot_2.3.11.3+dfsg1-1.dsc 73ffc0cff40b768f8dcf772957b58f3fe8b4a740ffe6fb6e9e66093aec41bc1c 1582932 dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc 7353412 dovecot_2.3.11.3+dfsg1.orig.tar.gz fd73852972032af5e9b25992d94736d18460938ed21b9b6b10c9f77b5468ff89 866 dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc 9e3c79b6f5555491bb9708eaa8596ee7d26da42ee7c6cca113b3fb18c4f61a1e 60412 dovecot_2.3.11.3+dfsg1-1.debian.tar.xz 19af65428bf9886b2536e71a6469af869f45eac9cd01cd140d267559d4960632 7777 dovecot_2.3.11.3+dfsg1-1_source.buildinfo Files: ee0cfbf3b7b42dec12dda382a603064b 3980 mail optional dovecot_2.3.11.3+dfsg1-1.dsc 5cf3c6d6f7a65a08776d236818936e11 1582932 mail optional dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz f06f2272fad04e7b0207f8d00a291f66 7353412 mail optional dovecot_2.3.11.3+dfsg1.orig.tar.gz 4310c7dff06239a534c731d5fc9ea7b0 866 mail optional dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc 8eaa02a319a54438b07a8c297d0fc49d 60412 mail optional dovecot_2.3.11.3+dfsg1-1.debian.tar.xz b353d7a725e5376fd0e4dfadf4ec318b 7777 mail optional dovecot_2.3.11.3+dfsg1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE65xaF5r2LDCTz+zyV68+Bn2yWDMFAl811ikRHG5vYWhtQGRl Ymlhbi5vcmcACgkQV68+Bn2yWDO0pg//a5QwNhaON3DkS2sxffD3bHmCD9rthQ+s UzD022AiHAKrZv7aGCkppHC3pjEPv13uYk1Vz0TbLsi9b9yqhaW7E3xLd3evzZhw F8+A4dDDQ3YfXm1KnIXVoXZ3kgBB7bR58FiHA3ca2gULIU9nyCZAU5zVaB485EcE gfkVi84R1ZLaAUq4Csp4ibcRN11svPvDQ1cGYTI7NmTnHMVmOuRBJGxQHXqkAk+R dOl9omKS/MyKtPX9ecHVUjY8VgnQl6u5ws0ayHALWSSx4gh15Hp1ZaREHY59rs+M Q59WNQOuRENfYrAZBvpKF5H0aVM7K/NKhJn40YKAgqVFpzDj4ey2UEKpqkl5rat5 FLsY1sLmr4hXD0m/cChM92WSMGveu/hB0p1F0ihre4JFaS4ZSJlIKk/mQ/881tLr JIpJVPu5PUCbGEtSYW/5MDIL+QFRveAwjYOZqbTbzQIkAiJdTCWWgfxocg75ij6B QavCvD9XAh/o6wHeeI5AJ/x+yZLf1SNzMViL6oPWsU4RyP8TLcQjhCHwQUEf851Q 2Qg0+DtFMY+NfQR0aYSAnOOdO8obAnSGTmnWxguCrxWkEomFQs9KcB/mH7vEzCxE xOwVpKqOB/aJXCUeqExVAp/YVuvmCB6Z218CEKBR9YgVdULg1QFslP20H4EPHDrO c1bmhkrQm0c= =GDME -----END PGP SIGNATURE-----
