Accepted dovecot 1:2.3.11.3+dfsg1-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 13 Aug 2020 16:21:24 -0700
Source: dovecot
Architecture: source
Version: 1:2.3.11.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Closes: 968302
Changes:
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high
.
* New upstream release fixes security issues (Closes: #968302)
- CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Add libcap-dev to build-dependencies to support dropping linux
capabilities.
Checksums-Sha1:
0d8377d47def44b0c96e02f9aca91bf4862d26f4 3980 dovecot_2.3.11.3+dfsg1-1.dsc
24320f66d1b7dacf88e72bc941647e8bb65f1a70 1582932 dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz
4a094ae503ded8ccea97cc06680fbb2e0f9c3171 7353412 dovecot_2.3.11.3+dfsg1.orig.tar.gz
b2a229e4fcd7df6b3e8bdcaf7b58f174069c8df6 866 dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc
f1b6fefca1e22c9397d5708307d73ae62860b90d 60412 dovecot_2.3.11.3+dfsg1-1.debian.tar.xz
8cc56df2aae07cb936967ceaf4f0316e312ff8b1 7777 dovecot_2.3.11.3+dfsg1-1_source.buildinfo
Checksums-Sha256:
84df09ca5b96968daf4b0e3df31c2c5a2e0733f27b2c25b83d2708dcf346878d 3980 dovecot_2.3.11.3+dfsg1-1.dsc
73ffc0cff40b768f8dcf772957b58f3fe8b4a740ffe6fb6e9e66093aec41bc1c 1582932 dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz
d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc 7353412 dovecot_2.3.11.3+dfsg1.orig.tar.gz
fd73852972032af5e9b25992d94736d18460938ed21b9b6b10c9f77b5468ff89 866 dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc
9e3c79b6f5555491bb9708eaa8596ee7d26da42ee7c6cca113b3fb18c4f61a1e 60412 dovecot_2.3.11.3+dfsg1-1.debian.tar.xz
19af65428bf9886b2536e71a6469af869f45eac9cd01cd140d267559d4960632 7777 dovecot_2.3.11.3+dfsg1-1_source.buildinfo
Files:
ee0cfbf3b7b42dec12dda382a603064b 3980 mail optional dovecot_2.3.11.3+dfsg1-1.dsc
5cf3c6d6f7a65a08776d236818936e11 1582932 mail optional dovecot_2.3.11.3+dfsg1.orig-pigeonhole.tar.gz
f06f2272fad04e7b0207f8d00a291f66 7353412 mail optional dovecot_2.3.11.3+dfsg1.orig.tar.gz
4310c7dff06239a534c731d5fc9ea7b0 866 mail optional dovecot_2.3.11.3+dfsg1.orig.tar.gz.asc
8eaa02a319a54438b07a8c297d0fc49d 60412 mail optional dovecot_2.3.11.3+dfsg1-1.debian.tar.xz
b353d7a725e5376fd0e4dfadf4ec318b 7777 mail optional dovecot_2.3.11.3+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE65xaF5r2LDCTz+zyV68+Bn2yWDMFAl811ikRHG5vYWhtQGRl
Ymlhbi5vcmcACgkQV68+Bn2yWDO0pg//a5QwNhaON3DkS2sxffD3bHmCD9rthQ+s
UzD022AiHAKrZv7aGCkppHC3pjEPv13uYk1Vz0TbLsi9b9yqhaW7E3xLd3evzZhw
F8+A4dDDQ3YfXm1KnIXVoXZ3kgBB7bR58FiHA3ca2gULIU9nyCZAU5zVaB485EcE
gfkVi84R1ZLaAUq4Csp4ibcRN11svPvDQ1cGYTI7NmTnHMVmOuRBJGxQHXqkAk+R
dOl9omKS/MyKtPX9ecHVUjY8VgnQl6u5ws0ayHALWSSx4gh15Hp1ZaREHY59rs+M
Q59WNQOuRENfYrAZBvpKF5H0aVM7K/NKhJn40YKAgqVFpzDj4ey2UEKpqkl5rat5
FLsY1sLmr4hXD0m/cChM92WSMGveu/hB0p1F0ihre4JFaS4ZSJlIKk/mQ/881tLr
JIpJVPu5PUCbGEtSYW/5MDIL+QFRveAwjYOZqbTbzQIkAiJdTCWWgfxocg75ij6B
QavCvD9XAh/o6wHeeI5AJ/x+yZLf1SNzMViL6oPWsU4RyP8TLcQjhCHwQUEf851Q
2Qg0+DtFMY+NfQR0aYSAnOOdO8obAnSGTmnWxguCrxWkEomFQs9KcB/mH7vEzCxE
xOwVpKqOB/aJXCUeqExVAp/YVuvmCB6Z218CEKBR9YgVdULg1QFslP20H4EPHDrO
c1bmhkrQm0c=
=GDME
-----END PGP SIGNATURE-----
Reply to: