-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 01 Mar 2018 10:55:49 +0200 Source: dovecot Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene Architecture: source amd64 Version: 1:2.2.34-1 Distribution: unstable Urgency: medium Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> Changed-By: Apollon Oikonomopoulos <apoikos@debian.org> Description: dovecot-core - secure POP3/IMAP server - core files dovecot-dev - secure POP3/IMAP server - header files dovecot-gssapi - secure POP3/IMAP server - GSSAPI support dovecot-imapd - secure POP3/IMAP server - IMAP daemon dovecot-ldap - secure POP3/IMAP server - LDAP support dovecot-lmtpd - secure POP3/IMAP server - LMTP server dovecot-lucene - secure POP3/IMAP server - Lucene support dovecot-managesieved - secure POP3/IMAP server - ManageSieve server dovecot-mysql - secure POP3/IMAP server - MySQL support dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support dovecot-pop3d - secure POP3/IMAP server - POP3 daemon dovecot-sieve - secure POP3/IMAP server - Sieve filters support dovecot-solr - secure POP3/IMAP server - Solr support dovecot-sqlite - secure POP3/IMAP server - SQLite support Closes: 888432 891819 891820 Changes: dovecot (1:2.2.34-1) unstable; urgency=medium . * [f53dc9a] New upstream version 2.2.34 Fixes the following security issues: + CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage (Closes: #891820) + CVE-2017-14461: rfc822_parse_domain information leak vulnerability (Closes: #891819) + CVE-2017-15132: auth client leaks memory if SASL authentication is aborted (Closes: #888432) * [0dc98c6] Do not patch all-settings.c; regenerate it at build time instead. Thanks to Aki Tuomi! * [e678e3b] Bump dh compat to 11 + B-D on debhelper (>= 11~) + Use dh_installsystemd instead of dh_systemd_enable * [271b290] Bump Standards-Version to 4.1.3; no changes needed * [3cd6715] d/copyright: bump upstream and debian years * [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the initscript handle it if it exists) * [97d6fae] d/watch: switch upstream URL to https:// Checksums-Sha1: b77048eda2dd397cba70688ce8b6c0f43d615bd3 3164 dovecot_2.2.34-1.dsc 4b1c016d0d3ec4b06a2eb26e7cbbf83e70ac16f9 6181270 dovecot_2.2.34.orig.tar.gz 9b42445eef114e7ed8f19d291b480a8bedf8622a 879184 dovecot_2.2.34-1.debian.tar.xz 7635662c616a30336ac8c4c0d1a774b506218d39 10214516 dovecot-core-dbgsym_2.2.34-1_amd64.deb 9993e696a04f4f4cf1d46e44a1c71af338813919 3587692 dovecot-core_2.2.34-1_amd64.deb f36a8d6a5ee79c6214dd86fbd23d0d054ff57322 1126556 dovecot-dev_2.2.34-1_amd64.deb 343e937152c327cd1847b473cb6b1fcd9b22158a 18912 dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb ca3bfd4c67c9ddca88c0fa4734b1d15584adb9b4 829248 dovecot-gssapi_2.2.34-1_amd64.deb 0d6c765ea6cc28a5c889754167746bca78243061 708128 dovecot-imapd-dbgsym_2.2.34-1_amd64.deb 325b2130122d56bacc40c4a340a1ccd09c48636f 972196 dovecot-imapd_2.2.34-1_amd64.deb 8c3c9106e9c22961779e9c694e9c7f9576f181cd 597272 dovecot-ldap-dbgsym_2.2.34-1_amd64.deb ed7441e6ec303af0beed201bf535c245bf9670e9 1041068 dovecot-ldap_2.2.34-1_amd64.deb b6b5fe69e5bcd9abe76e813d06a6501d8d00bc2a 84452 dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb 2a43aed8b82d383c2f741875e8f5297e019cc4f0 843764 dovecot-lmtpd_2.2.34-1_amd64.deb 942dbc6904cb41bb9fb297dae7e1a77de61825aa 136500 dovecot-lucene-dbgsym_2.2.34-1_amd64.deb 7f940d2f677dea39bb607920ff7ef6379541bfc4 848236 dovecot-lucene_2.2.34-1_amd64.deb 9b1e4501973d1f246710bb7082f0a42b280910c6 134620 dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb 6c52687f794459562cab1dad82922add09225f3f 860468 dovecot-managesieved_2.2.34-1_amd64.deb 41828d18a6b2a29e6604f3cbd5523396e857d2da 19528 dovecot-mysql-dbgsym_2.2.34-1_amd64.deb 0b3f3260c028ebe7df4c4baef15bbc43825e76a5 830172 dovecot-mysql_2.2.34-1_amd64.deb 205c2dd7887d7c45b2e2f8a9811141e7c953323a 24260 dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb f3d2993f5b755031ffa703b3095fd7b74c27caf5 833072 dovecot-pgsql_2.2.34-1_amd64.deb 34d0598c72d488e322c3085748d2cb02fc49bbdb 81268 dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb 3290d7da9c25e7a221f75b5c822a524a9f8d784d 850912 dovecot-pop3d_2.2.34-1_amd64.deb 7f560d3d1b66ce36c5b7267d58a0341056992fbe 1654948 dovecot-sieve-dbgsym_2.2.34-1_amd64.deb 3589f7aaf2842270bd6dff63e230b54010ab4f05 1129152 dovecot-sieve_2.2.34-1_amd64.deb 341a06ea99fd04c047149116f9c67eece5e02e21 91600 dovecot-solr-dbgsym_2.2.34-1_amd64.deb 1931c3dcd59ee3d246231dc699c9c58a6e9bb55c 841088 dovecot-solr_2.2.34-1_amd64.deb 6ae096a49ecb6029d9c9c1233b6b4964692d93e5 12672 dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb 218156ad769c62165568cb5c7408158bce6edb6e 828148 dovecot-sqlite_2.2.34-1_amd64.deb 881af6cbf6c736246fe338659c96bf6a55aaef29 15004 dovecot_2.2.34-1_amd64.buildinfo Checksums-Sha256: 602be3064c6a872b8a5c4f70ba548d529e9da2aaa7b4d83c45e91ac21b898638 3164 dovecot_2.2.34-1.dsc 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 6181270 dovecot_2.2.34.orig.tar.gz ed45d14ec501d06e5542fd653aec00d8744558d4d6316939410858b60a2864b8 879184 dovecot_2.2.34-1.debian.tar.xz 9d6330e24ea825050a79ddf2541bc87272690f0754a34b2923ea5ce8336aa971 10214516 dovecot-core-dbgsym_2.2.34-1_amd64.deb 8ed56652c14a9d7e24d57288438d04fdac2fb7e2fb15e65c69c2512853c082b2 3587692 dovecot-core_2.2.34-1_amd64.deb fd0e10f084f604d4851e29760087493d9778c2e6e73b9016f1a0ff2d5ddbe35f 1126556 dovecot-dev_2.2.34-1_amd64.deb 8f76bd970320757624015acbe64f883eb9e793b571932b31812e531c43d4ed59 18912 dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb 88746ec16980a6bd28f34508acfd63ed95fa7ef3f11c70938a7e2a0f05ce95fc 829248 dovecot-gssapi_2.2.34-1_amd64.deb 7d9375aa4b6f1d07b9e9e1c3cc54f26278169ad8b7c514ebbf40cf900a342116 708128 dovecot-imapd-dbgsym_2.2.34-1_amd64.deb f27257f60f3dc01ce1e2781c4dcf5c6c2aa58563b993a23041c909828f14aaba 972196 dovecot-imapd_2.2.34-1_amd64.deb 493510b96256097fd3287492671457e0577d0fc84e3f8b7e8de91744981d631a 597272 dovecot-ldap-dbgsym_2.2.34-1_amd64.deb add3acf71af14817469f027a5010f542cc01adc4f972922210c3d479f73c10a9 1041068 dovecot-ldap_2.2.34-1_amd64.deb f087f42d8d06e1522d02e46ba0eb2bbc5113f53b58815abf1038ec13f66005d1 84452 dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb 4d7d408d5cdf8701b314aa273c78fb317f6c0d225698dd922927e086213ca660 843764 dovecot-lmtpd_2.2.34-1_amd64.deb 9ea2698dd6f28d92344454728dfa197b0980805e5dc0d2bcf276649b01b26e31 136500 dovecot-lucene-dbgsym_2.2.34-1_amd64.deb 95d17ac2334817a5eea8aeb705a85656f7c24ab25b56dd9a700fb439ef76e272 848236 dovecot-lucene_2.2.34-1_amd64.deb 77256f6898db95cb07297d114b65f769523e2e7fe0e239bc562e3cae2ead180f 134620 dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb a9efac573dba61cbf239983cd7eb79860206aa3c61132ee17d0a9965c25410df 860468 dovecot-managesieved_2.2.34-1_amd64.deb d57dc5f7b47c6c871c2de30ae1907a2bf416d58eb5c2940bd788a67196604ad8 19528 dovecot-mysql-dbgsym_2.2.34-1_amd64.deb 71636b823aca2e40e877958ec74b477b24e3b8ba2dcb43a3e26d49113f8480c8 830172 dovecot-mysql_2.2.34-1_amd64.deb d6fc7290e59bd3a28c78c6a1b9bab7984f07d8dd600a961c3b567ae2e3d014f1 24260 dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb 20da36e5bd3b710fd2387e5208e15740272416f9a2a72d8b1e3b7a365b3269fd 833072 dovecot-pgsql_2.2.34-1_amd64.deb f23237dbe26c1456b4acdde244e6b83018cdb518c86424a9bda6e0edfcc8fd5d 81268 dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb 766bb61f1d8319794cdba05ca0c5589111962b6ac6ff06adbf529a43b6fee527 850912 dovecot-pop3d_2.2.34-1_amd64.deb 5bce5a8cf6e40484259f971a1c2c4bcf2f8f5570395178f39cc51d02f34f2303 1654948 dovecot-sieve-dbgsym_2.2.34-1_amd64.deb efe363ce2c7c57afbd1544079280c43733b9af76ac382225b5cdbdf2b9ed6373 1129152 dovecot-sieve_2.2.34-1_amd64.deb ba24ffd6935d357b09ae303bfa94fc991ffb71cf31c13bc1380f329f75e05497 91600 dovecot-solr-dbgsym_2.2.34-1_amd64.deb 9fd350bcb49f1f36964b494aa6fe05997e94463bdb634e1b753b7256c0db109d 841088 dovecot-solr_2.2.34-1_amd64.deb e9301c29e01122be9e1df5cacc3a10805eebb2bd27cf69469e30d2afaef2575a 12672 dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb 5a7e56b56f3daf48561e9939c6ad0bcd950c5d9e2802ab415094a1b511a41cfc 828148 dovecot-sqlite_2.2.34-1_amd64.deb 22eda30a7a07fbae534b4685f902f9e874636037991aad37c6408582b858efe6 15004 dovecot_2.2.34-1_amd64.buildinfo Files: 5d2ce515c43dfd75957e2ef83a997fe7 3164 mail optional dovecot_2.2.34-1.dsc 29a2e7812c34e6b35db4f86260fed197 6181270 mail optional dovecot_2.2.34.orig.tar.gz 759e8d3bb83df7665c38183c4811e4eb 879184 mail optional dovecot_2.2.34-1.debian.tar.xz cd833ef3caefd2824e7175911f46dfa3 10214516 debug optional dovecot-core-dbgsym_2.2.34-1_amd64.deb 8f76cc4ca80990707dc7729d490918a8 3587692 mail optional dovecot-core_2.2.34-1_amd64.deb e6994490ba0a26ea7de8be4d3ab34c9e 1126556 mail optional dovecot-dev_2.2.34-1_amd64.deb 12cfdd9ae7674f8503a5c099a2b593a1 18912 debug optional dovecot-gssapi-dbgsym_2.2.34-1_amd64.deb a4a62c74426e79d532e4ba3406ee1444 829248 mail optional dovecot-gssapi_2.2.34-1_amd64.deb d9b2d64e91e195a968df1d67104547a5 708128 debug optional dovecot-imapd-dbgsym_2.2.34-1_amd64.deb 49704f38ec739fbd97ecd34b6f205ac0 972196 mail optional dovecot-imapd_2.2.34-1_amd64.deb 3e84c0dd370b83d52516ea63f76b0dd6 597272 debug optional dovecot-ldap-dbgsym_2.2.34-1_amd64.deb 8a7ac1d3f5a605fddb9f35a0bd31c9d9 1041068 mail optional dovecot-ldap_2.2.34-1_amd64.deb d3d76bcba12f2de8a7f648cdd86efb6f 84452 debug optional dovecot-lmtpd-dbgsym_2.2.34-1_amd64.deb 48b141e3851f50b11f56fc4acee12d19 843764 mail optional dovecot-lmtpd_2.2.34-1_amd64.deb 7a205bb9a2318187e9ef981da4d2354d 136500 debug optional dovecot-lucene-dbgsym_2.2.34-1_amd64.deb c694353c79828ecdd244940c3fc27b52 848236 mail optional dovecot-lucene_2.2.34-1_amd64.deb c32c33f6df493e2408632cea337026d0 134620 debug optional dovecot-managesieved-dbgsym_2.2.34-1_amd64.deb 65268a4814d23940b6537d7fec48c552 860468 mail optional dovecot-managesieved_2.2.34-1_amd64.deb 5af519a0d01f7674ab0bb488b3c64e74 19528 debug optional dovecot-mysql-dbgsym_2.2.34-1_amd64.deb de4fc4ca543ffa698a9437a1f82af14f 830172 mail optional dovecot-mysql_2.2.34-1_amd64.deb 8daa613ed81ca23680d92066ab8ab1f7 24260 debug optional dovecot-pgsql-dbgsym_2.2.34-1_amd64.deb 8a4c310fcf20fdcda50a301a9886facc 833072 mail optional dovecot-pgsql_2.2.34-1_amd64.deb fda95a28b9a92a45eb41bd39814c5e86 81268 debug optional dovecot-pop3d-dbgsym_2.2.34-1_amd64.deb 697e3a7d8e1e36cb3e9dbdb6f3a53fc9 850912 mail optional dovecot-pop3d_2.2.34-1_amd64.deb 578744859d1d99c2373c763fabb8eb52 1654948 debug optional dovecot-sieve-dbgsym_2.2.34-1_amd64.deb 1cd8e96d2e3de5ce2c3a2729b9e5ad5c 1129152 mail optional dovecot-sieve_2.2.34-1_amd64.deb 63cfc30936be702e413af430f43e5d5a 91600 debug optional dovecot-solr-dbgsym_2.2.34-1_amd64.deb 63ddfa63cf7f1121b783eed52720f138 841088 mail optional dovecot-solr_2.2.34-1_amd64.deb 04b8d2c24159001d0aa66b4bfa5f60e8 12672 debug optional dovecot-sqlite-dbgsym_2.2.34-1_amd64.deb b1157e2779bf4f51a87e11c3309ae4b9 828148 mail optional dovecot-sqlite_2.2.34-1_amd64.deb c6cd2e0235db68fd90a9577cc4ad8049 15004 mail optional dovecot_2.2.34-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlqXyMwACgkQ9RsYxyAk giQ8Ag//aNthHTzduDA03Jd5RE3XcQXDw8raYQj7JpMtjbRzlx0NJEvyvkUzSjP2 FNoujnsYxQIG92a4iL/FSc7iIVxoxqaqfznhwGl2AtuSVUNtwjkBO51nz6BrGs5k EtQI326tbZPRX/zoW+4+4OVviEUbkonfZVcmypQQoi80SwEfUhn62iS8E0Djp1Bw BrkQhX8CwEvdNWrPccDmsGfBM+THaeTcoknQgxrxkYmd9lOz4POjF2zdQCYyNag6 J4hfcnPyaEPb7OpUQ+HcTqnDzzwPMXDMlxcu/4RnMVeuudsPEqEIIUQ5t54SQOal vqD01WZKiKt49AqA91HR9mgLJyA071nbiJ8Y+9UBD7x71Ni5O3Odj9lu9LWnnhxW 7KFdtmId67OmgvnYRLsvMxvJF2tY41+Xw7tUaTPcPEaje6Q6394qPzffuMlmhc9d vwTdTo86+n5s6yYf4+ziG/z9+k0NxTGLOcls0KPWew8dOhPbPvH5EKoyPE93FMUb T2/aFJN/cZdZDJVvaajSCxCVRjyptHJrddSQhCpNMVzHqGHxP5E4Rw/2tYmeGzkN Sa+wvSNQUKgsJfbzWPVerQ+twc+lH3Da6CsPpHxppbYCKjW6zd94aZpo//oA/blW p75W/8QNW7rvCOeL9PCzEeSNef03D1QiMzL/4d88P56exWMouR0= =0x20 -----END PGP SIGNATURE-----