Univention Bugzilla – Bug 57570
dovecot: Multiple issues (5.0)
Last modified: 2024-09-09 19:20:11 CEST
New Debian dovecot 1:2.3.4.1-5+deb10u8 fixes: This update addresses the following issues: 1:2.3.4.1-5+deb10u8 (Wed, 28 Aug 2024 00:53:14 +0200) * Non-maintainer upload by the ELTS Security Team. * Fix CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message. * Backport upstream change to parse multiple address headers the same as if they were in a single header. Upstream argues this is better from security point of view. * Backport upstream changes for CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) could become excessively CPU intensive.
--- mirror/ftp/pool/main/d/dovecot/dovecot_2.3.4.1-5+deb10u7.dsc +++ apt/ucs_5.0-0-errata5.0-8/source/dovecot_2.3.4.1-5+deb10u8.dsc @@ -1,3 +1,15 @@ +1:2.3.4.1-5+deb10u8 [Wed, 28 Aug 2024 00:53:14 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the ELTS Security Team. + * Fix CVE-2024-23185: Very large headers can cause resource exhaustion when + parsing message. (Closes: #1078877) + * Backport upstream change to parse multiple address headers the same as if + they were in a single header. Upstream argues this is better from + security point of view. + * Backport upstream changes for CVE-2024-23184: Having a large number of + address headers (From, To, Cc, Bcc, etc.) could become excessively CPU + intensive. + 1:2.3.4.1-5+deb10u7 [Mon, 26 Sep 2022 06:17:50 +0200] Anton Gladky <gladk@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-8/#3313913014134898580>
*** Bug 57530 has been marked as a duplicate of this bug. ***
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts [5.0-8] 679562559c Bug #57570: dovecot 1:2.3.4.1-5+deb10u8 doc/errata/staging/dovecot.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)