Univention Bugzilla – Bug 51759
evolution-data-server: Multiple issues (4.4)
Last modified: 2020-08-05 15:15:39 CEST
New Debian evolution-data-server 3.22.7-1+deb9u2 fixes: This update addresses the following issue: * NULL pointer dereference elated to imapx_free_capability and imapx_connect_to_server (CVE-2020-16117)
--- mirror/ftp/4.4/unmaintained/component/4.4-5-errata/source/evolution-data-server_3.22.7-1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/evolution-data-server_3.22.7-1+deb9u2.dsc @@ -1,3 +1,9 @@ +3.22.7-1+deb9u2 [Sun, 02 Aug 2020 22:42:43 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2020-16117: Crash on malformed server response with + minimal capabilities. + 3.22.7-1+deb9u1 [Thu, 16 Jul 2020 10:17:21 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3. <http://10.200.17.11/4.4-5/#7455837412410053379>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-5] d1dc6e6269 Bug #51759: evolution-data-server 3.22.7-1+deb9u2 doc/errata/staging/evolution-data-server.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x688>