-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Aug 2020 12:28:38 -0400 Source: dovecot Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg Architecture: source Version: 1:2.2.27-3+deb9u6 Distribution: stretch-security Urgency: high Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: dovecot-core - secure POP3/IMAP server - core files dovecot-dbg - secure POP3/IMAP server - debug symbols dovecot-dev - secure POP3/IMAP server - header files dovecot-gssapi - secure POP3/IMAP server - GSSAPI support dovecot-imapd - secure POP3/IMAP server - IMAP daemon dovecot-ldap - secure POP3/IMAP server - LDAP support dovecot-lmtpd - secure POP3/IMAP server - LMTP server dovecot-lucene - secure POP3/IMAP server - Lucene support dovecot-managesieved - secure POP3/IMAP server - ManageSieve server dovecot-mysql - secure POP3/IMAP server - MySQL support dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support dovecot-pop3d - secure POP3/IMAP server - POP3 daemon dovecot-sieve - secure POP3/IMAP server - Sieve filters support dovecot-solr - secure POP3/IMAP server - Solr support dovecot-sqlite - secure POP3/IMAP server - SQLite support Closes: 968302 Changes: dovecot (1:2.2.27-3+deb9u6) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. (Closes: #968302) * CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. * CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. Checksums-Sha1: 74a598e83f156a5aed6cf46dfe2e46fe0f482af1 3416 dovecot_2.2.27-3+deb9u6.dsc f3b7f14efe82e22e6a92e6fd8ccddfce5ea2e316 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz e50fe33d6b582c63e32c162e867804e6f25999ca 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo Checksums-Sha256: 7061903ec2c3fa5ba087868ed7c577ed3f679866d439b2c2f1eada07cf62d2c8 3416 dovecot_2.2.27-3+deb9u6.dsc 52ceb32f6e14ff867f9c5200edd553fa161766e00484c26434b00ee485915634 879448 dovecot_2.2.27-3+deb9u6.debian.tar.xz 9f8eaac8a17ea5cae7a03ecd95aedc43c0f526de90233eb3a7a0be1a2b2dffaa 12648 dovecot_2.2.27-3+deb9u6_amd64.buildinfo Files: 699896ddb031894fc6c50f9461e892fc 3416 mail optional dovecot_2.2.27-3+deb9u6.dsc 671661976b8559941b078268791dbbab 879448 mail optional dovecot_2.2.27-3+deb9u6.debian.tar.xz 650a5dcb3cb2c2b79e382b46854c5bae 12648 mail optional dovecot_2.2.27-3+deb9u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl84VRwACgkQLNd4Xt2n sg/n5hAAlLXn+DyafE0BM/N737V/whNQXCxV4Oo8DgDIVWuYUI0PMvftxmho4fTs p8WMG/zrWDr0QN2Gn7HW+EbEa3oHHsyMEmg85br6J2Y/kA6ie/m44ZTSMxmIlHKO U5U6ig0v81ocR8y2DEN9ZHu7zaXYKAooYnnRaE//UMm0rudWc0+bMdjDnn21zVbv BxnAuDnWQMrvlKNgbA3Ugq8ff+QVwDqr6A249QO8ouY/CLwzQZdVgNdQ2UHJZ7K2 IP1Bwg+uvH1T20vY+qV2eSsri+O9tbEtzROJHpCC23gv9z6LW2nt2jrmiJXkkyOd KRZIdVq5vlBb5RRiRrhI2slnh0TjLMbX8X+M3hGqVmMjuEyrG7EsDJfNDuoxFnF1 9t/kFb6KYUQDUOeKhg57FCIilstsb60T4kvw44jxvcRSq2BN0WZ3DGjsbDFF+WrP 5zGDfE3Oj8t8cdLVw1dDScHXJ8vRUDlNBWWeUyB+NQVE2si24qF744b6+xVA/+re nnt1G2EOpC1q0p6MgnFrJJkb/Q6VzAKCDSHOMeK7fu8YmrO74Bd20T7Du50yKV1t Nr4NpTlsJ38DunbfBuhGkpnrEvtnWAWrT/zOJDn0ognkzvYL06SH2nswhRwY2yXa HWE17KCNW0w+Mv+bYd5+1oq09sxM2wR9G9R5xYXl0NyHy/lmzVA= =g4XC -----END PGP SIGNATURE-----