-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 13 Mar 2008 12:22:32 +0100 Source: dovecot Binary: dovecot-common dovecot-pop3d dovecot-imapd Architecture: source amd64 Version: 1.0.rc15-2etch4 Distribution: stable-security Urgency: high Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> Changed-By: Fabio Tranchitella <kobold@debian.org> Description: dovecot-common - secure mail server that supports mbox and maildir mailboxes dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes Closes: 470685 Changes: dovecot (1.0.rc15-2etch4) stable-security; urgency=high . * Security issue: some passdbs allowed users to log in without a valid password (http://dovecot.org/list/dovecot-news/2008-March/000064.html) Applied upstream patch for the 1.0.x branch, downloaded from: http://hg.dovecot.org/dovecot-1.0/raw-rev/da2a9372e26e (Closes: #470685) * Security usse: mail_extra_groups setting is often used insecurely (http://dovecot.org/list/dovecot-news/2008-March/000060.html). Applied upstream patch for the 1.0.x branch, downloaded from: http://dovecot.org/patches/1.0/dovecot-1.0.10.mail_priv_groups.diff Files: 8146ccf246ed64e1ac8c0127489ec798 1300 mail optional dovecot_1.0.rc15-2etch4.dsc 21959fc45cf0f8932fa9eb890791ff39 102991 mail optional dovecot_1.0.rc15-2etch4.diff.gz 1c2e1ffeb6bf745ed88cde01c62d264a 1222430 mail optional dovecot-common_1.0.rc15-2etch4_amd64.deb c17bac715f188f55ae20e5a3c95109b1 569588 mail optional dovecot-imapd_1.0.rc15-2etch4_amd64.deb 4f64ed0cc16510e9c3d709342b3c57ca 536634 mail optional dovecot-pop3d_1.0.rc15-2etch4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9mMPL97/wQC1SS+AQIwhQgAp+6V/7U8gFADUyF647zgmz6buko+Ohqt m/zmX01fIi9zLX8WUZJ3yp1izyIvLKoqbHDZywzAzArp1Q+OkNhvWgOEXcq9dLsX 37mGoh9EZ+OjsufFh+tjhAM+tEuESmoz8GIhnzxtnNXZ3hIM0CBYDyhl2nt1kZXo PgZmxhg7Dk6ukLaFZOWCF9r2QYegdreW1gPVWDqNEYFcSAFO1lJIiyMPrLqVjdjV r3KRvxH7v/SCAttPnTHQ85umIpA4Sc6OsJroovYYcEcHAu267eyFD39d5CyYttqv 2mgkgBEjUjLUx35V8P/OZDMVln64w0F3sxLjze9Yx4Gx6qETmpFbWg== =M6Zu -----END PGP SIGNATURE----- Accepted: dovecot-common_1.0.rc15-2etch4_amd64.deb to pool/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_amd64.deb dovecot-imapd_1.0.rc15-2etch4_amd64.deb to pool/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_amd64.deb dovecot-pop3d_1.0.rc15-2etch4_amd64.deb to pool/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_amd64.deb dovecot_1.0.rc15-2etch4.diff.gz to pool/main/d/dovecot/dovecot_1.0.rc15-2etch4.diff.gz dovecot_1.0.rc15-2etch4.dsc to pool/main/d/dovecot/dovecot_1.0.rc15-2etch4.dsc