Your message dated Tue, 30 Apr 2019 18:48:37 +0000
with message-id <e1hlxnx-000gjl...@fasolo.debian.org>
and subject line Bug#928235: fixed in dovecot 1:2.3.4.1-5
has caused the Debian Bug report #928235,
regarding dovecot: CVE-2019-11494 CVE-2019-11499
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
928235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928235
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dovecot
Version: 1:2.3.4.1-4
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for dovecot.
CVE-2019-11494[0]:
| Submission-login crashes with signal 11 due to null pointer access
| when authentication is aborted by disconnecting.
CVE-2019-11499[1]:
| Submission-login crashes when authentication is started over TLS
| secured channel and invalid authentication message is sent
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-11494
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11494
    https://dovecot.org/pipermail/dovecot/2019-April/115757.html
[1] https://security-tracker.debian.org/tracker/CVE-2019-11499
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11499
    https://dovecot.org/pipermail/dovecot/2019-April/115758.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:2.3.4.1-5
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated dovecot
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 30 Apr 2019 21:26:28 EEST
Source: dovecot
Architecture: source
Version: 1:2.3.4.1-5
Distribution: unstable
Urgency: medium
Maintainer: Dovecot Maintainers <dove...@packages.debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Closes: 928235
Changes:
 dovecot (1:2.3.4.1-5) unstable; urgency=medium
 .
   * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235)
     - submission-login: fix null pointer dereference when client
       disconnects during authentication (CVE-2019-11494)
     - submission-login: fix assert-crash when receiving an invalid
       authentication message over TLS (CVE-2019-11499)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---