Format: 1.8
Date: Tue, 20 Jul 2021 08:05:19 -0700
Source: dovecot
Architecture: source
Version: 1:2.3.13+dfsg1-2
Distribution: unstable
Urgency: high
Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Closes: 990566
Changes:
 dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
 .
   * Import upstream fixes for security issues (Closes: #990566):
     - CVE-2021-29157: Path traversal issue allowing an attacker with access
       to the local filesystem to trick OAuth2 authentication into using an
       HS256 validation key from an attacker-controlled location
     - CVE-2021-33515: Sensitive information could be redirected to an
       attacker-controlled address because of a STARTTLS command injection
       bug in the submission service
Checksums-Sha1:
 45406379abcdf097616056b6ba308cc48f553c82 3991 dovecot_2.3.13+dfsg1-2.dsc
 da6799e28dca6ebed9924ce7744a48b9f5a9d93a 66896 dovecot_2.3.13+dfsg1-2.debian.tar.xz
 63af3771f71f20788b1870b7cab0f523b64fdac9 7659 dovecot_2.3.13+dfsg1-2_source.buildinfo
Checksums-Sha256:
 06bbe045c70fa904124a4bbd700d5b1a61418495cff4543a4a8d52138f5cf988 3991 dovecot_2.3.13+dfsg1-2.dsc
 251f757bca8b5050234d4f03452dcd5512656e1c880817d740832d3eccf67784 66896 dovecot_2.3.13+dfsg1-2.debian.tar.xz
 b7e1f0dbca3dbc09f66d48ac2be4af4dc9043c603baa5c0a893b9a102f487acb 7659 dovecot_2.3.13+dfsg1-2_source.buildinfo
Files:
 bf2b5c88020e6aaf60782f4b63699331 3991 mail optional dovecot_2.3.13+dfsg1-2.dsc
 1607738fd838882c198071fc45c2f3dc 66896 mail optional dovecot_2.3.13+dfsg1-2.debian.tar.xz
 680fc932e4621f5159df6b28a9a3b6fa 7659 mail optional dovecot_2.3.13+dfsg1-2_source.buildinfo