Your message dated Sat, 03 Mar 2018 21:02:09 +0000
with message-id <e1eseid-000dig...@fasolo.debian.org>
and subject line Bug#891819: fixed in dovecot 1:2.2.27-3+deb9u2
has caused the Debian Bug report #891819,
regarding dovecot: CVE-2017-14461: rfc822_parse_domain information leak
vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
891819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dovecot
Version: 1:2.2.13-11
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for dovecot.
CVE-2017-14461[0]:
rfc822_parse_domain information leak vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.27-3+deb9u2
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated dovecot
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 01 Mar 2018 15:15:45 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.27-3+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dbg - secure POP3/IMAP server - debug symbols
dovecot-dev - secure POP3/IMAP server - header files
dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
dovecot-imapd - secure POP3/IMAP server - IMAP daemon
dovecot-ldap - secure POP3/IMAP server - LDAP support
dovecot-lmtpd - secure POP3/IMAP server - LMTP server
dovecot-lucene - secure POP3/IMAP server - Lucene support
dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
dovecot-mysql - secure POP3/IMAP server - MySQL support
dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
dovecot-sieve - secure POP3/IMAP server - Sieve filters support
dovecot-solr - secure POP3/IMAP server - Solr support
dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high
.
* [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak
vulnerability (Closes: #891819)
* [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
can be used for DoS (Closes: #891820)
+ Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
disable dovecot_name.patch, since it changes dovecot's banner in
conjunction with dh_autoreconf.
* [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes:
#888432)
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---