** Merge proposal linked:
https://code.launchpad.net/~mitchdz/ubuntu/+source/dovecot/+git/dovecot/+merge/472010
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077324
Title:
2.3.21.1 released mit
Yes, All versions in our archive are affected. Below I have the openwall
message and extracted the corresponding commits needed to address each
CVE.
* CVE-2024-23184 (https://www.openwall.com/lists/oss-security/2024/08/15/3)
-
https://github.com/dovecot/core/commit/f8b5e476dce314ea3f557330eeaa9c5
** Also affects: dovecot (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: dovecot (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: dovecot (Ubuntu Bionic)
Importance: Undecided
Status: New
--
You received this bug notification beca
I'll look into Noble to see if the CVE fixes can be cherry-picked.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077324
Title:
2.3.21.1 released mitigating CVE-2024-23184/CVE-2024-23185
To manage
I Prepared a merge for Oracular so we can get that in. Waiting on
builders & autopkgtest.
It's unclear to me exactly what versions are affected right now, Is
Jammy at 1:2.3.16+dfsg1-3ubuntu2.3 affected?
** Merge proposal linked:
https://code.launchpad.net/~mitchdz/ubuntu/+source/dovecot/+git/
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-23184
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-23185
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077324
T
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: dovecot (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077324
Title:
2.
