[Backports-security-announce] Security update for dovecot

2009-10-0118:15:41

lists.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Jaldhar H. Vyas uploaded new packages which fix the following problem:

DSA-1892-1
CVE-2009-2632, CVE-2009-3235
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot

For the etch-backports distribution the problem has been fixed in
version 1.0.15-2.3+lenny1~bpo40+1

For the lenny-backports distribution the problem has been fixed in
version 1.2.4-2~bpo50+1 (note this is because the 1.2.x series include an
entirely new sieve plugin.)

Upgrade instructions

If you don't use pinning
(http://backports.org/dokuwiki/doku.php?id=instructions) you have to
update the package manually via apt-get -t lenny-backports install
<packagename>.

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

Jaldhar H. Vyas <[email protected]>

OSVersionArchitecturePackageVersionFilename
Debian4mipselcyrus-pop3d-2.2< 2.2.13-10+etch4cyrus-pop3d-2.2_2.2.13-10+etch4_mipsel.deb
Debian4mipskolab-cyrus-pop3d< 2.2.13-2+etch2kolab-cyrus-pop3d_2.2.13-2+etch2_mips.deb
Debian5s390dovecot-imapd< 1.0.15-2.3+lenny1dovecot-imapd_1.0.15-2.3+lenny1_s390.deb
Debian4ia64libcyrus-imap-perl22< 2.2.13-10+etch4libcyrus-imap-perl22_2.2.13-10+etch4_ia64.deb
Debian5armdovecot-dev< 1.0.15-2.3+lenny1dovecot-dev_1.0.15-2.3+lenny1_arm.deb
Debian5amd64dovecot-common< 1.0.15-2.3+lenny1dovecot-common_1.0.15-2.3+lenny1_amd64.deb
Debian4i386kolab-cyrus-imapd< 2.2.13-2+etch2kolab-cyrus-imapd_2.2.13-2+etch2_i386.deb
Debian4s390dovecot-pop3d< 1.0.rc15-2etch5dovecot-pop3d_1.0.rc15-2etch5_s390.deb
Debian5sparckolab-cyrus-clients< 2.2.13-5+lenny2kolab-cyrus-clients_2.2.13-5+lenny2_sparc.deb
Debian5amd64kolab-cyrus-imapd< 2.2.13-5+lenny2kolab-cyrus-imapd_2.2.13-5+lenny2_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	4	mipsel	cyrus-pop3d-2.2	< 2.2.13-10+etch4	cyrus-pop3d-2.2_2.2.13-10+etch4_mipsel.deb
Debian	4	mips	kolab-cyrus-pop3d	< 2.2.13-2+etch2	kolab-cyrus-pop3d_2.2.13-2+etch2_mips.deb
Debian	5	s390	dovecot-imapd	< 1.0.15-2.3+lenny1	dovecot-imapd_1.0.15-2.3+lenny1_s390.deb
Debian	4	ia64	libcyrus-imap-perl22	< 2.2.13-10+etch4	libcyrus-imap-perl22_2.2.13-10+etch4_ia64.deb
Debian	5	arm	dovecot-dev	< 1.0.15-2.3+lenny1	dovecot-dev_1.0.15-2.3+lenny1_arm.deb
Debian	5	amd64	dovecot-common	< 1.0.15-2.3+lenny1	dovecot-common_1.0.15-2.3+lenny1_amd64.deb
Debian	4	i386	kolab-cyrus-imapd	< 2.2.13-2+etch2	kolab-cyrus-imapd_2.2.13-2+etch2_i386.deb
Debian	4	s390	dovecot-pop3d	< 1.0.rc15-2etch5	dovecot-pop3d_1.0.rc15-2etch5_s390.deb
Debian	5	sparc	kolab-cyrus-clients	< 2.2.13-5+lenny2	kolab-cyrus-clients_2.2.13-5+lenny2_sparc.deb
Debian	5	amd64	kolab-cyrus-imapd	< 2.2.13-5+lenny2	kolab-cyrus-imapd_2.2.13-5+lenny2_amd64.deb