Package "dovecot"

Name: dovecot


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • secure POP3/IMAP server - core files
  • secure POP3/IMAP server - debug symbols
  • secure POP3/IMAP server - header files
  • secure POP3/IMAP server - IMAP daemon

Latest version: 1:2.2.22-1ubuntu2.13
Release: xenial (16.04)
Level: security
Repository: main


Other versions of "dovecot" in Xenial

Repository Area Version
base main 1:2.2.22-1ubuntu2
base universe 1:2.2.22-1ubuntu2
security universe 1:2.2.22-1ubuntu2.13
updates main 1:2.2.22-1ubuntu2.13
updates universe 1:2.2.22-1ubuntu2.13

Packages in group

Deleted packages are displayed in grey.


Version: 1:2.2.22-1ubuntu2.7 2018-03-05 13:07:35 UTC

  dovecot (1:2.2.22-1ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2018 07:46:12 -0500

Source diff to previous version
CVE-2017-14461 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive info
CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration

Version: 1:2.2.22-1ubuntu2.6 2018-02-01 20:07:10 UTC

  dovecot (1:2.2.22-1ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
    - CVE-2017-15132

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 12:58:33 -0300

Source diff to previous version
CVE-2017-15132 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by log

Version: 1:2.2.22-1ubuntu2.4 2017-04-12 05:08:35 UTC
No changelog available yet.

About   -   Send Feedback to @ubuntu_updates