-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 01 Mar 2018 15:15:45 +0200 Source: dovecot Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg Architecture: source amd64 Version: 1:2.2.27-3+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> Changed-By: Apollon Oikonomopoulos <apoikos@debian.org> Description: dovecot-core - secure POP3/IMAP server - core files dovecot-dbg - secure POP3/IMAP server - debug symbols dovecot-dev - secure POP3/IMAP server - header files dovecot-gssapi - secure POP3/IMAP server - GSSAPI support dovecot-imapd - secure POP3/IMAP server - IMAP daemon dovecot-ldap - secure POP3/IMAP server - LDAP support dovecot-lmtpd - secure POP3/IMAP server - LMTP server dovecot-lucene - secure POP3/IMAP server - Lucene support dovecot-managesieved - secure POP3/IMAP server - ManageSieve server dovecot-mysql - secure POP3/IMAP server - MySQL support dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support dovecot-pop3d - secure POP3/IMAP server - POP3 daemon dovecot-sieve - secure POP3/IMAP server - Sieve filters support dovecot-solr - secure POP3/IMAP server - Solr support dovecot-sqlite - secure POP3/IMAP server - SQLite support Closes: 888432 891819 891820 Changes: dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high . * [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak vulnerability (Closes: #891819) * [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS (Closes: #891820) + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also disable dovecot_name.patch, since it changes dovecot's banner in conjunction with dh_autoreconf. * [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes: #888432) Checksums-Sha1: 4cfcc5d55d83674da715edb28218f5c6a5df93d1 3416 dovecot_2.2.27-3+deb9u2.dsc e007081c43b06fa2670d556de7a62bbb87fc637c 5794668 dovecot_2.2.27.orig.tar.gz 7f79a204568dc0a59ac80edb5c9e03c1a4f89f07 862944 dovecot_2.2.27-3+deb9u2.debian.tar.xz 1271b4fce8a8521c6b36fcc0466ff9882266dd7e 3324024 dovecot-core_2.2.27-3+deb9u2_amd64.deb 2fc9e8eef25edcdc885c3d517c6f53042d4c89c4 14125794 dovecot-dbg_2.2.27-3+deb9u2_amd64.deb 146d8dd2723189aa9d3089303b2b3ed0f288cb9b 960708 dovecot-dev_2.2.27-3+deb9u2_amd64.deb 7ced1fef1d78646966527199c82898c31d283ba8 678084 dovecot-gssapi_2.2.27-3+deb9u2_amd64.deb d6ada500d5361dbb438eb2a0c45c66c981a5419c 813812 dovecot-imapd_2.2.27-3+deb9u2_amd64.deb 429b12ab17eb73651a701072c84e357154a6e4e6 877588 dovecot-ldap_2.2.27-3+deb9u2_amd64.deb b58c59e372b93c2f60a54ea776d2d2602714ed11 691994 dovecot-lmtpd_2.2.27-3+deb9u2_amd64.deb 0b15e80c1287596e573c000b073d1669f47f3945 696544 dovecot-lucene_2.2.27-3+deb9u2_amd64.deb cafafe0be05c6d3380dc41d0f0924a4a6cfe3a1f 708036 dovecot-managesieved_2.2.27-3+deb9u2_amd64.deb e16458d4dc8dd4ae82fc75964b0b82950ca8efc7 679048 dovecot-mysql_2.2.27-3+deb9u2_amd64.deb 8a5ca7128582c7f145fd3228edf6165b5b6e9995 681850 dovecot-pgsql_2.2.27-3+deb9u2_amd64.deb 5ef6389d3ac18ddb9d9c4d42ed52c986ba42f65b 698210 dovecot-pop3d_2.2.27-3+deb9u2_amd64.deb 3421633da72b26ff9832ee39bb6f9e45c42dde75 970448 dovecot-sieve_2.2.27-3+deb9u2_amd64.deb cae8d1006e55acbd6db356e6d372b448c3dc5ca8 689672 dovecot-solr_2.2.27-3+deb9u2_amd64.deb 9dd14f4906fc3d5e33779c21e33dc82b6dea944f 677076 dovecot-sqlite_2.2.27-3+deb9u2_amd64.deb 06da7abf15f8ef88ecaae58a62393aceb2d83cf7 12297 dovecot_2.2.27-3+deb9u2_amd64.buildinfo Checksums-Sha256: c17238c824dff83a841e167c9d5f97374d6baade9444b4a95cd31558d392c6f2 3416 dovecot_2.2.27-3+deb9u2.dsc 897f92a87cda4b27b243f8149ce0ba7b7e71a2be8fb7994eb0a025e54cde18e9 5794668 dovecot_2.2.27.orig.tar.gz c7771f0ec59e5fb4f2da546267757e611030a2098bc72e5ece8ddc82bb6e4e84 862944 dovecot_2.2.27-3+deb9u2.debian.tar.xz 8c9dabd7cc5cc05aa9f3cac4e5ce5f3b3d2c4ae01d55a5abf1130510a974d771 3324024 dovecot-core_2.2.27-3+deb9u2_amd64.deb 1c06afa8ee752cdab98ebd12bbb46b8a60e2de8a7715225119f2b4888b6e80c5 14125794 dovecot-dbg_2.2.27-3+deb9u2_amd64.deb ff0130188b485760a01a7fa0a7aa03320a4a1ee97ed786f5b98a1a796c62f6a6 960708 dovecot-dev_2.2.27-3+deb9u2_amd64.deb aa50df96bc6089e0cfc4b6e4a9d0c318336dbc65dabfc8dc2317f74170639154 678084 dovecot-gssapi_2.2.27-3+deb9u2_amd64.deb e128e3b973a0cefb81d177ba430638559a85194d614058f68d8a2eafc8af50c3 813812 dovecot-imapd_2.2.27-3+deb9u2_amd64.deb 8e31176456b25ac1d3abb9ddb5301a895dc196fff808c4a332e78a706d58e244 877588 dovecot-ldap_2.2.27-3+deb9u2_amd64.deb f66b131dfa9fbec4474bfa26dc01f43807a2f31651c882b1f79a58adda861c54 691994 dovecot-lmtpd_2.2.27-3+deb9u2_amd64.deb 9fb6327a2a10a9c3750f1315d374b502cfc99569ea0b36cc31b51f77524401ae 696544 dovecot-lucene_2.2.27-3+deb9u2_amd64.deb 390b3a9ad8dc4c6d60353cffc9544407d3b4704dc422b9182b3a64ba9e019bf3 708036 dovecot-managesieved_2.2.27-3+deb9u2_amd64.deb 042d13fe5d60453c02db240085bfc7f3c1f6b492f32cf381a0b4cf22cd66de44 679048 dovecot-mysql_2.2.27-3+deb9u2_amd64.deb af321373535c005946df4f8cb5dfff7b625717912f335e95a0950439e87ecf61 681850 dovecot-pgsql_2.2.27-3+deb9u2_amd64.deb 6cf7a1165b8d8f253eab7661f24ac798805a4144d02312c8918cbb87f5e219d9 698210 dovecot-pop3d_2.2.27-3+deb9u2_amd64.deb 090b48be85a0ffd091e501eafbabd99b9668fa94cc49f5a9046abc42cd8c5fed 970448 dovecot-sieve_2.2.27-3+deb9u2_amd64.deb 336f1aa2f9f274efc0124e49ac72be1bf7b81c2a6326a1eac94ab63c3c328dba 689672 dovecot-solr_2.2.27-3+deb9u2_amd64.deb 0f76da54dbd9b372b15efa910ab6fcd246ae0c4a6d8648186e11431aed024588 677076 dovecot-sqlite_2.2.27-3+deb9u2_amd64.deb 3d8d68f6133253fcfd841ada1359a4fc4dae368d51700de83fb2100a6df81993 12297 dovecot_2.2.27-3+deb9u2_amd64.buildinfo Files: d6b6a38912936bd44f0d25df9617192f 3416 mail optional dovecot_2.2.27-3+deb9u2.dsc 20133518f5bc0e64dd07ce55b83df2fb 5794668 mail optional dovecot_2.2.27.orig.tar.gz 364b4f75215711cd284dd35e66b92706 862944 mail optional dovecot_2.2.27-3+deb9u2.debian.tar.xz 36e22c74067c74b253079cdf491dbf50 3324024 mail optional dovecot-core_2.2.27-3+deb9u2_amd64.deb 004afcca0edc57f12c89ce38f894cce6 14125794 debug extra dovecot-dbg_2.2.27-3+deb9u2_amd64.deb 2b7a2d432ffa4477eabaf852f961a485 960708 mail optional dovecot-dev_2.2.27-3+deb9u2_amd64.deb 3ef61a16214c3c1f04ff05e414d24403 678084 mail optional dovecot-gssapi_2.2.27-3+deb9u2_amd64.deb 9a9cc36113b0cef7aba4781af7199661 813812 mail optional dovecot-imapd_2.2.27-3+deb9u2_amd64.deb cf941a501e84f5147af89a7702eeb19e 877588 mail optional dovecot-ldap_2.2.27-3+deb9u2_amd64.deb ac3bd76d4b0d3a527cf4af0cecc3e0de 691994 mail optional dovecot-lmtpd_2.2.27-3+deb9u2_amd64.deb e5d0d70f00ead574584b5afb67d1787c 696544 mail optional dovecot-lucene_2.2.27-3+deb9u2_amd64.deb adfe179422205035d17eb2ac1934ad6d 708036 mail optional dovecot-managesieved_2.2.27-3+deb9u2_amd64.deb 6067f16286eea1d13f7e011da65c7bdb 679048 mail optional dovecot-mysql_2.2.27-3+deb9u2_amd64.deb 066371236d24501037386e09e8dbd1bf 681850 mail optional dovecot-pgsql_2.2.27-3+deb9u2_amd64.deb 75333cc60838c70b50d39e308a6e5ca5 698210 mail optional dovecot-pop3d_2.2.27-3+deb9u2_amd64.deb a6937604779e029a34249707b9b3dd1d 970448 mail optional dovecot-sieve_2.2.27-3+deb9u2_amd64.deb f243339388d83081a6a592f1f5cd6a10 689672 mail optional dovecot-solr_2.2.27-3+deb9u2_amd64.deb 1bdd01ce24309ccaa6be20e0ca2e2c19 677076 mail optional dovecot-sqlite_2.2.27-3+deb9u2_amd64.deb 5a4d8ad4922218c51c7e8286bb613f81 12297 mail optional dovecot_2.2.27-3+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlqYiagACgkQ9RsYxyAk giRztBAAl/YLjjrtRtQH+DraMYD2OX8hs92DDVpFI1dPjuI5BwVfibPdddZK47Bm DvKLKJC4R1kigfeuJIypyRolf0cZG8Fmm/CTLCa88eLZJ05B0iYoPa3oDycum9VJ xfLLzfGPvjyoCEmXXttHlVbZr1vxPoNSHXUfkpsac7z2pXXabuCt5XjHTE0D/VYq fGUWZU1vjBwBWoWSUtCliFk3fbLh6cISyshNX2r4rmNJxRBnz1WPgxMi1ylLWT2w eSCc9CuMJUeCQA2vzEGo+/phWXchXmnlK6rxTYiLCD7STxDFDsbKrW7bxs6XUBfZ qsoycPxwTcJuRzXd1g4x+JaYtNeSKPVWw3fMTQkp12AvS5gVz7TIZ6QNsX9aVJLZ n7DRFANvGfXpyv32HnlFNjcuaM9mmYVJ/6sE7A4mnA0aICy8E2UFtZfukt4Zwopi 8IsruFNbeH/TP1d1ASVrs9E47phXhKC+38js6mxut2i7iGGE0PqhGX+jeCmr+Osb 6JxwOwCHteGC3uHx4UtDSvvqsOmqmGnG2AJ+geDRBs/Hrjmp0bFCPdNJE4t9v0Ko q4cVjQVE4SQtjvab1KNjv3YcWfnb2rN+LsUJCNnkMlCfUu+A9mujtRRyrKNvPn8K 5LjpRkHDSELZDxYoBB5zIBvkIgsV3ZsvG/humJrqs4aAqXHxC9Q= =ukwA -----END PGP SIGNATURE-----