Quoting Jiri Bourek <bou...@thinline.cz>:
On 27.8.2014 15:25, Michael wrote:
Quoting Philipp Faeustlin <philipp.faeust...@uni-hohenheim.de>:
Am 27.08.2014 um 14:52 schrieb Michael:
I've already been aware of this web site. I saw that they offer only
packages for Ubuntu 12.04. I'm Using Ubuntu 14.04. I know that often
it's not a problem to take packages from another version. But I'm not
sure if there are some conflicts to be expected. So I wrote an e-mail to
the contact but did not get an answer yet.
Do you have any information if this repo can also be used on Ubuntu
14.04 without problems?
No I haven't, but I think it is better to have the latest version of
Dovecot, especially with Ubuntu because not long ago I found this:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html
I'm not sure how to judge this message but it doesn't sounds very good.
You are right. According to [1] it doesn't look to be fixed in the most
recent package provided by Ubuntu.
It is fixed in version 2.2.13~rc1-1 which is not available for Ubuntu.
I thought security issues will be fixed ASAP by the maintainer...
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747549
Michael
Both Debian and Ubuntu usually stay on specific version of the
software in their stable branches and only backport fixes, mostly
security related ones.
The package you are looking for in Ubuntu is 1:2.2.9-1ubuntu2.1 .
See changelog for that package -
http://changelogs.ubuntu.com/changelogs/binary/d/dovecot-core/1:2.2.9-1ubuntu2.1/changelog . According to this CVE-2014-3430 was fixed in
may.
In Debian it's 1:2.1.7-7+deb7u1 , fixed in june
Good to see that they fixed it within 5 days. Thanks for the URL.
Michael
