-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 01 Dec 2013 17:10:57 +0900 Source: perdition Binary: perdition perdition-ldap perdition-mysql perdition-odbc perdition-postgresql Architecture: source amd64 Version: 2.1-1 Distribution: unstable Urgency: low Maintainer: Simon Horman <horms@debian.org> Changed-By: Simon Horman <horms@debian.org> Description: perdition - POP3 and IMAP4 Proxy server perdition-ldap - Library to allow perdition to access LDAP based popmaps perdition-mysql - Library to allow perdition to access MySQL based popmaps perdition-odbc - Library to allow perdition to access ODBC based popmaps perdition-postgresql - Library to allow perdition to access PostgreSQL based popmaps Closes: 680086 726175 729028 737666 751430 Changes: perdition (2.1-1) unstable; urgency=low . * New Upstream Release (closes: #751430) * Fix for CVE-2013-4584 . Perdition fails to apply the administrator's specified ciphersuite preferences when making outbound connections to IMAP and POP servers using STARTTLS. For these outbound connections, it applies the administrator's listening ciphersuite preferences, which in many cases may be significantly weaker. . This is not a critical vulnerability (it can be mitigated, for example, by enforcing a strict minimalist ciphersuite on the backend server), but in the absence of any such mitigation, it may cause the connections between the proxy server and the backend server to negotiate a weaker ciphersuite than the administrator's stated intent. . (closes: #729028) * Versioned build dependency on dpkg-dev (>=1.16.1) (closes: #680086) * Use 1.0 as Managesieve version (closes: #726175) * Use autoreconf (closes: #737666) * Harden build flags * Build verbosely * Update standards version to 3.9.5 Checksums-Sha1: 683abbe3feb1a92b6ed428d479253b49ac19553d 2243 perdition_2.1-1.dsc 81ef59ae0c25533c1ebddb950bc216effc702394 515883 perdition_2.1.orig.tar.bz2 46f2389c4db464ac0ced6796dbcac3575ab76f4c 12520 perdition_2.1-1.debian.tar.xz 3fe63288cc212b412cf69cb885aebbaf38e86254 119552 perdition_2.1-1_amd64.deb 2df3c6392dc2ce5ab5fdc797cb4a1a15ae4502e7 17462 perdition-ldap_2.1-1_amd64.deb 9281ec2eefce33145e4184737ad34dc2b613f448 16012 perdition-mysql_2.1-1_amd64.deb db149f07ce64d51aba601972bc5fba03eafdc236 15556 perdition-odbc_2.1-1_amd64.deb 2c6e26de8d439ab5e35d97163eef5a8757f9f0a4 15418 perdition-postgresql_2.1-1_amd64.deb Checksums-Sha256: c3a33db44222402cf7b7eee3864ca2e11e9f62bed811097fb1602180e0ab7dd7 2243 perdition_2.1-1.dsc e0675bbaa85d17622682e30349f53f31736c3d3ec2ca157fdc929e5d2567e491 515883 perdition_2.1.orig.tar.bz2 0d47e8af3fcbc37e85d184af494e82da53c5fbe27ba5300ac36b20157be90449 12520 perdition_2.1-1.debian.tar.xz cfe34c0e21f95bba383f1efe46ba1b3647d83c11cbed5da2bb3d5a4001ad0b63 119552 perdition_2.1-1_amd64.deb 2f951dbcaf46f4dc95588dbaa247083bcc7b29deb6b05b4007c5b5c03b0ca6ae 17462 perdition-ldap_2.1-1_amd64.deb 6213b85d179ee7011875274c348bd3dddf9580021b5d756214e4b8f0664743cc 16012 perdition-mysql_2.1-1_amd64.deb 83f8f0e65c265b59ffdfaff3ef482adc49bb3a45f904f559ab349dfc235c9870 15556 perdition-odbc_2.1-1_amd64.deb b1cf0be07f52817e9d1f3a059ac218e699c1cdbeb459a6fdea3c138054dbd4b2 15418 perdition-postgresql_2.1-1_amd64.deb Files: a010701387a097507fadd849f4cd013e 119552 mail optional perdition_2.1-1_amd64.deb cbc8e7e6429b2753f9332dd6ffadf6ac 17462 mail optional perdition-ldap_2.1-1_amd64.deb 82a6a9c869af2bcab8e1bb33d762076a 16012 mail optional perdition-mysql_2.1-1_amd64.deb 45768a254aeb16aaf89fcebb5b089e9e 15556 mail optional perdition-odbc_2.1-1_amd64.deb d2dfb6d0fadcd5ccad2582a6fe7c5f12 15418 mail optional perdition-postgresql_2.1-1_amd64.deb ab5e982d73dba6138e6cf98d7784c4d1 2243 mail optional perdition_2.1-1.dsc 1e2c5ecfdcca0c02dde831186a077084 515883 mail optional perdition_2.1.orig.tar.bz2 008f44679e77e2943a7f4f12edca85b7 12520 mail optional perdition_2.1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUEQwEAAoJENfPZGlqN0++7I8P/32EI4RhNmyFJZJJKEcPBbS8 y1qnKlYWN1mAErI08Crl8UzJjvXOvxURTWEZnKB6234qIqdYA28gk/G09RMvLzUs Bhre0eNeF1YaLRhCQJKt1S9iF9u/hTFC4caetrwdRLhrwksp1agyDyb9BHN4eKbb kmVcOqn1iG418Z4lowM5xl6SdIxjeLtYYWfd6UiZpfchgWHDYK41MTTs6xlDelKx wDwnsCqNy7t1A6lOMFigCYc31Diy5pip2pitrKIj7fiKcKfGRqXpC6w2+CVcd6pu ww2uYVj4A3knxL6ZrJ2Ws/ceSa+aVh1kkiGvthY88ExwbuhdxW1yE6McU4WyPPYT UEt7G5JAmV+/giI0n5ucv6qqCKuEVUL7wFNKerxTzesnWU2D9u13OQqhTk3AmMC8 ZFdFmXkagY5H6Ewm32BRsyhYDnmFa8PNjI9TUvIFaVd48uqiwiVjR6zfRz74hh5a 2jRveRSG0TpVBfph0bDXbpxrAqQEQ62f+rq9lQLT9fxd7b2Y7sDNBQOCe/wkkIa7 98MQ1kCx4fKPfyUIHt8faq64ZggA3cWxZIiCjtABMUD5CvBmchpWhzRT7pYg6TsE GHjI+gPQlx/Ye/VAKb3NM4SjAtv11qd2lqpOV9iQ8We4shTvv4Ir+YDfpJhKoS2O M2Zu5G+cAS47HUexGJBM =b/ut -----END PGP SIGNATURE-----