Bug#627443: marked as done (CVE-2011-1929)

Debian Bug Tracking System Wed, 05 Oct 2011 18:57:20 -0700

Your message dated Thu, 06 Oct 2011 01:55:46 +0000
with message-id <e1rbdba-0005zn...@franck.debian.org>
and subject line Bug#627443: fixed in dovecot 1:1.2.15-7
has caused the Debian Bug report #627443,
regarding CVE-2011-1929
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
627443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627443
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: dovecot
Severity: grave
Tags: security

Hi Dovecot maintainers,
CVE-2011-1929 was assigned to the following issue fixed in
1.2.17 and 2.0.13:

| Fixed potential crashes and other problems when parsing
| header names that contained NUL characters.

http://dovecot.org/pipermail/dovecot/2011-May/059085.html
http://dovecot.org/pipermail/dovecot/2011-May/059086.html

Patch:
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c

Could you contact upstream wrt the exact impact? What is
being crashed here, can someone only crash a delivery
thread or can the whole IMAP server be crashed through
malformed mail messages? In the latter case we should
release a DSA.

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: dovecot
Source-Version: 1:1.2.15-7

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive:

dovecot-common_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-common_1.2.15-7_amd64.deb
dovecot-dbg_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-dbg_1.2.15-7_amd64.deb
dovecot-dev_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-dev_1.2.15-7_amd64.deb
dovecot-imapd_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-imapd_1.2.15-7_amd64.deb
dovecot-pop3d_1.2.15-7_amd64.deb
  to main/d/dovecot/dovecot-pop3d_1.2.15-7_amd64.deb
dovecot_1.2.15-7.debian.tar.gz
  to main/d/dovecot/dovecot_1.2.15-7.debian.tar.gz
dovecot_1.2.15-7.dsc
  to main/d/dovecot/dovecot_1.2.15-7.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 627...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco Nenciarini <mnen...@debian.org> (supplier of updated dovecot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 May 2011 10:08:30 +0200
Source: dovecot
Binary: dovecot-common dovecot-dev dovecot-imapd dovecot-pop3d dovecot-dbg
Architecture: source amd64
Version: 1:1.2.15-7
Distribution: stable-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Marco Nenciarini <mnen...@debian.org>
Description: 
 dovecot-common - secure mail server that supports mbox and maildir mailboxes
 dovecot-dbg - debug symbols for Dovecot
 dovecot-dev - header files for the dovecot mail server
 dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
 dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
Closes: 622384 627443
Changes: 
 dovecot (1:1.2.15-7) stable-security; urgency=high
 .
   * [2ffd812] Lifted Build-Conflicts with ancient linux-kernel-headers
     (Closes: #622384)
 .
 dovecot (1:1.2.15-6) stable-security; urgency=high
 .
   * Rebuilt in a clean squeeze environment, no changes.
 .
 dovecot (1:1.2.15-5) stable-security; urgency=high
 .
   * [feae144] Fixed potential crashes and other problems when parsing
     header names that contained NUL characters. (CVE-2011-1929)
     (Closes: #627443)
Checksums-Sha1: 
 b68551c57ec82349ca160aa84f3367dfe7f23845 2208 dovecot_1.2.15-7.dsc
 24d6b7588aa207e4e54c4afa154b72ac4c3d365b 1498403 dovecot_1.2.15-7.debian.tar.gz
 3d6214237b840729c50d3e0f0c57a4e678d478c3 5512336 
dovecot-common_1.2.15-7_amd64.deb
 e0cfaa672ae5edbbbeb06d57fc1b1649c1e3452a 658688 dovecot-dev_1.2.15-7_amd64.deb
 5c79e0b79865217b2fc1c45541d62a4a639a4b34 1177652 
dovecot-imapd_1.2.15-7_amd64.deb
 40ee0ae260a3c89296867da96bfaa1cd29682c27 1073328 
dovecot-pop3d_1.2.15-7_amd64.deb
 83b695c61203a19b3c6d03f3443d678c1e48382e 15064550 
dovecot-dbg_1.2.15-7_amd64.deb
Checksums-Sha256: 
 c58128627d87383635dff60d644bfe06b980ac8257a6511f89d6324bc19f040a 2208 
dovecot_1.2.15-7.dsc
 ee031d237f3d4f80ba84c11f92607aad696228007a2f3ba4b656815d1b24096e 1498403 
dovecot_1.2.15-7.debian.tar.gz
 2189c38f2edb69b5b22ebf24a7d2a7c498ace8fcb586135db77e0e89ea31a328 5512336 
dovecot-common_1.2.15-7_amd64.deb
 5cfdc027f8b8a2934fe81809dc385685def3669b5a113a43651418f086c2e024 658688 
dovecot-dev_1.2.15-7_amd64.deb
 66d122c8c6afd30a20aafd0b908193a42e99d132a50bac903b7de1dd9d19707e 1177652 
dovecot-imapd_1.2.15-7_amd64.deb
 6b67ed16a7ea50067d0b2d59e19a261077a832b65f8cf09765b580f94a376e38 1073328 
dovecot-pop3d_1.2.15-7_amd64.deb
 5a003e89e460f8709126680f230c0df1ab93eefcc6887629a52f374605637a74 15064550 
dovecot-dbg_1.2.15-7_amd64.deb
Files: 
 a0683e2fc190f3163b61593ae414cd2c 2208 mail optional dovecot_1.2.15-7.dsc
 90ba20465d1663701a7d136173325416 1498403 mail optional 
dovecot_1.2.15-7.debian.tar.gz
 a518b5864d8812c4165123e82a04144c 5512336 mail optional 
dovecot-common_1.2.15-7_amd64.deb
 d59e99ccf2adf2c8376d8ea8702f8ed7 658688 mail optional 
dovecot-dev_1.2.15-7_amd64.deb
 78316adbc53e5f7c26143ce10f0321ef 1177652 mail optional 
dovecot-imapd_1.2.15-7_amd64.deb
 9193fb9487a3a37ea64d80ab2f230dd8 1073328 mail optional 
dovecot-pop3d_1.2.15-7_amd64.deb
 b3c99bbd9869ef02357f20f53773e695 15064550 debug extra 
dovecot-dbg_1.2.15-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJOjLM1AAoJEMXOXcLFQs1ZqwAP/A5V9WCdNtyiaqSkYDxXag4E
F/VXGAMqip2+9o3ZMhfzyhu07NUOp9HyU+be0+n9+5AqxLzA1HErwpPWRxv4oqfb
dnxp8LYMnr70y87gx0VdnH+dQ7Rr+V46GeaJK8OVTA9qDFTeXoFKMykXgGt+Wev+
XbgaCBm4HevT4yhQHCeyfRoyuoANkWRkzLn0vpUbxsxPKJLeWuTFnD1sX9x810hf
k9tff7TkXfLMspWo1IwZrt8CkK6J1guIZVDIqALyJhBiDTzF1somGX1Ofc31u0IR
yb7DnHS6bD/br+mfO4syErp9TIuak9Fn134GuXXOXmWhjF7qp09u0CGmtJMx21CK
n/M4PqCYzygtr+FQFA0SwXLL1heyhlO1tkmj9Uwwxr0hzBlaR92hDDVjOzcFXctZ
6mj3soBd9t6jHMQ0FqNm+sxIb/CHX4hhmUfCNsfbrSsk6liIQXSxCkHRJkKp77kn
cZbDZ0JsCZm1IyF2qNY+CLCONu8TND9I077iTrfe8LyQYhYwOtpL/YntWBvmFEiw
BKr1du1EqxJmT6ZVf3KwqFj2cATcwtfeXXfWmZIR1p89t6yTxqWXTfNy35zehju1
0eix2c/TDJxos153p7DLiiYldsF0FxYsR7qauTbGaLfLT7UC68l1YE+GjbnKYeD3
jYROoUMGCLK6I3N6fnHH
=vFXU
-----END PGP SIGNATURE-----

--- End Message ---

Bug#627443: marked as done (CVE-2011-1929)

Reply via email to