Bug#925924: unblock: dovecot/2.3.4.1-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package dovecot.
2.3.4.1-3, which was uploaded to unstable today, fixes two cases of
buffer overflows (collectively known as CVE-2019-7524). Please allow it
to migrate to testing as soon as possible. Full source debdiff against
testing attached.
Thanks,
Apollon
unblock dovecot/2.3.4.1-3
diff -Nru dovecot-2.3.4.1/debian/changelog dovecot-2.3.4.1/debian/changelog
--- dovecot-2.3.4.1/debian/changelog 2019-03-14 11:02:39.000000000 +0200
+++ dovecot-2.3.4.1/debian/changelog 2019-03-25 23:06:01.000000000 +0200
@@ -1,3 +1,10 @@
+dovecot (1:2.3.4.1-3) unstable; urgency=high
+
+ * [07c9212] Fix two buffer overflows when reading oversized FTS headers
+ and/or oversized POP3-UIDL headers (CVE-2019-7524).
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 25 Mar 2019 23:06:01 +0200
+
dovecot (1:2.3.4.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
diff -Nru dovecot-2.3.4.1/debian/patches/CVE-2019-7524 dovecot-2.3.4.1/debian/patches/CVE-2019-7524
--- dovecot-2.3.4.1/debian/patches/CVE-2019-7524 1970-01-01 02:00:00.000000000 +0200
+++ dovecot-2.3.4.1/debian/patches/CVE-2019-7524 2019-03-25 23:06:01.000000000 +0200
@@ -0,0 +1,59 @@
+From 2d31f0e08a80217c039be4aaae8de25bed0251f4 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <apoikos@debian.org>
+Date: Mon, 25 Mar 2019 23:04:44 +0200
+Subject: [PATCH] Fix CVE-2019-7524
+
+commit ad1350ff036965c33f0aae20432ec73ca84f7819
+Author: Timo Sirainen <timo.sirainen@open-xchange.com>
+Date: Mon Feb 4 19:25:13 2019 -0800
+
+ fts: Fix buffer overflow when reading oversized fts header
+
+commit 89e05f17de80e19078544ef887d83d160491214e
+Author: Timo Sirainen <timo.sirainen@open-xchange.com>
+Date: Mon Feb 4 19:23:02 2019 -0800
+
+ lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl header
+---
+ src/lib-storage/index/index-pop3-uidl.c | 4 ++--
+ src/plugins/fts/fts-api.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
+index 13b7363ef..e537e9ff5 100644
+--- a/src/lib-storage/index/index-pop3-uidl.c
++++ b/src/lib-storage/index/index-pop3-uidl.c
+@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
+ /* this header isn't set yet */
+ return TRUE;
+ }
+- memcpy(&uidl, data, size);
++ memcpy(&uidl, data, sizeof(uidl));
+ return mail->uid <= uidl.max_uid_with_pop3_uidl;
+ }
+
+@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
+
+ /* check if we have already the same header */
+ if (size >= sizeof(uidl)) {
+- memcpy(&uidl, data, size);
++ memcpy(&uidl, data, sizeof(uidl));
+ if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
+ return;
+ }
+diff --git a/src/plugins/fts/fts-api.c b/src/plugins/fts/fts-api.c
+index 5a5b2a919..4f8a1c125 100644
+--- a/src/plugins/fts/fts-api.c
++++ b/src/plugins/fts/fts-api.c
+@@ -425,7 +425,7 @@ bool fts_index_get_header(struct mailbox *box, struct fts_index_header *hdr_r)
+ i_zero(hdr_r);
+ ret = FALSE;
+ } else {
+- memcpy(hdr_r, data, data_size);
++ memcpy(hdr_r, data, sizeof(*hdr_r));
+ ret = TRUE;
+ }
+ mail_index_view_close(&view);
+--
+2.20.1
+
diff -Nru dovecot-2.3.4.1/debian/patches/series dovecot-2.3.4.1/debian/patches/series
--- dovecot-2.3.4.1/debian/patches/series 2019-03-14 11:02:39.000000000 +0200
+++ dovecot-2.3.4.1/debian/patches/series 2019-03-25 23:06:01.000000000 +0200
@@ -9,4 +9,5 @@
ssl-dh-params-location.patch
lib-master-test-event-stats-Use-PRIu64-format.patch
avoid-double-closing-mysql.patch
+CVE-2019-7524
debian-changes
Reply to: