Your message dated Wed, 14 Dec 2016 21:06:54 +0000
with message-id <[email protected]>
and subject line Bug#846605: fixed in dovecot 1:2.2.27-1
has caused the Debian Bug report #846605,
regarding dovecot: CVE-2016-8652: remote crash when auth-policy component is
activated
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
846605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846605
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dovecot
Version: 1:2.2.26.0-4
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for dovecot.
CVE-2016-8652[0]:
remote crash when auth-policy component is activated
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8652
[1] http://dovecot.org/list/dovecot-news/2016-November/000332.html
[2] http://www.openwall.com/lists/oss-security/2016/12/02/4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:2.2.27-1
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <[email protected]> (supplier of updated dovecot
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Dec 2016 21:48:46 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source
Version: 1:2.2.27-1
Distribution: unstable
Urgency: medium
Maintainer: Dovecot Maintainers <[email protected]>
Changed-By: Apollon Oikonomopoulos <[email protected]>
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dbg - secure POP3/IMAP server - debug symbols
dovecot-dev - secure POP3/IMAP server - header files
dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
dovecot-imapd - secure POP3/IMAP server - IMAP daemon
dovecot-ldap - secure POP3/IMAP server - LDAP support
dovecot-lmtpd - secure POP3/IMAP server - LMTP server
dovecot-lucene - secure POP3/IMAP server - Lucene support
dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
dovecot-mysql - secure POP3/IMAP server - MySQL support
dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
dovecot-sieve - secure POP3/IMAP server - Sieve filters support
dovecot-solr - secure POP3/IMAP server - Solr support
dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 846605
Changes:
dovecot (1:2.2.27-1) unstable; urgency=medium
.
[ Jaldhar H. Vyas ]
* [b1e4693] Imported Upstream version 2.2.27
+ Includes fix for CVE-2016-8652 (Closes: #846605)
.
[ Apollon Oikonomopoulos ]
* [b25993a] Drop patches merged upstream:
+ call_openssl_cleanup_at_deinit.patch
+ disable_sslv23.patch
Checksums-Sha1:
cf164bebcf5c34fb0bc5e83ac4b26f1a8a1cd93c 3393 dovecot_2.2.27-1.dsc
e007081c43b06fa2670d556de7a62bbb87fc637c 5794668 dovecot_2.2.27.orig.tar.gz
10c9c896e5f82562169a2e697204ee63ba427ad6 851720 dovecot_2.2.27-1.debian.tar.xz
Checksums-Sha256:
6b9bc3a3dd64fc348466bafeac91a80a8eb66f1931c5102a8745776f97dde2e8 3393
dovecot_2.2.27-1.dsc
897f92a87cda4b27b243f8149ce0ba7b7e71a2be8fb7994eb0a025e54cde18e9 5794668
dovecot_2.2.27.orig.tar.gz
5a46a507f3592c6307e0d190bfc67ed6d88d9c5e92f268393296d2860c730d79 851720
dovecot_2.2.27-1.debian.tar.xz
Files:
2c19a0f52378a269ec1e76a67bfcad10 3393 mail optional dovecot_2.2.27-1.dsc
20133518f5bc0e64dd07ce55b83df2fb 5794668 mail optional
dovecot_2.2.27.orig.tar.gz
627cb0e22d5878ed3c4b2e067c9c98da 851720 mail optional
dovecot_2.2.27-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlhRojgTHGFwb2lrb3NA
ZGViaWFuLm9yZwAKCRD1GxjHICSCJHARD/4mQHsLF4d0jBSPyI3Iz2CkTkfpTXXy
jGKu/y4HnW8WdsnMRTsDvwsEheqje0/kWeaH0Gza/Ytc76VpOU/J2kniBeAmJ+Gj
jTAtKH2C35/Rq2jfYwcVakVvJMqFXfMDnrXqeCLzNP0rMHjG3hDCG/X+Rzco+qeZ
7s4rwCd7hlFvB2rgSQ3Yze9lSr2BOPM9sEh4keUnVjmvBsD+6Ij71aEcjevBRhSq
8mgpzMPTEBpkk6jFGlsv8py1UpbHeBtFbf6bWMzyRFL2nMDXXkg7ADtQFJnwiAUE
f/RL43GQqL88pa00+FiSsf3+t4ahmYKVmVJZwM2UTbSMnVCuJBHE3QnbLK0REVcC
owAK5r3ehNLYUM8/3ocBi8YvMNDNY00pvTX9m1ROdSrbGera2D0qt7Sr9uvzaTJo
txEcgqfWT/ZAUt+Cy6m0+mt6z6X4OgLKSj+P0svnaAf34/F9ybzFeY0YYosJqmP0
0ilKNY7zK5VwzmWrOFjdrHPPWxYn6QLPPCcLGkO8Y1URg42guscdLRQsumbjd7lz
rXfto2wW4Js9TnXzq+XgKlqgTmzIsboX23ksp8io2t1IgPkIHuWkzUtq94VgiZGn
vzuP5dLBXbP0xnIDvAvGcwxfIvQ3efX1Onv5ZLeqNck49VbrcOInXZobuDc4Jijl
Fyi1MdJbmdMfWA==
=HS2o
-----END PGP SIGNATURE-----
--- End Message ---