dovecot (1:2.3.19.1+dfsg1-2.1+deb12u1) bookworm-security; urgency=medium

  * Security team upload:
  * [4fb8905] Import upstream fix for CVE-2024-23184 (Closes: #1078876)
  * [f428c53] Import upstream fix for CVE-2024-23185 (Closes: #1078877)

 -- Noah Meyerhans <noahm@debian.org>  Sun, 18 Aug 2024 10:25:33 -0400

dovecot (1:2.3.19.1+dfsg1-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * [b02ebc9] Don't use deprecated crypt module. (closes: #1028513)

 -- Bas Couwenberg <sebastic@debian.org>  Fri, 20 Jan 2023 07:01:26 +0100

dovecot (1:2.3.19.1+dfsg1-2) unstable; urgency=medium

  [ Christian Göttsche ]
  * [281fb2c] d/patches: cherry-pick fix for CVE-2022-30550
    (Closes: #1016351)
  * [9c58e71] d/patches: fix uninitialized read in doveadm-oldstats
  * [a76a24d] d/control: bump to standards version 4.6.1
    (no further changes)
  * [4aaaa8b] Update Lintian overrides

 -- Noah Meyerhans <noahm@debian.org>  Fri, 29 Jul 2022 19:58:28 -0700

dovecot (1:2.3.19.1+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [e40f93f] d/patches: avoid usage of PATH_MAX not available on hurd
  * [19e00cd] d/rules: enable backtrace generation
  * [5bf1c43] d/patches: debug flaky unit test

  [ Noah Meyerhans ]
  * [b73422f] New upstream version 2.3.19.1+dfsg1
  * [c88bfc0] Update changelog for 1:2.3.19.1+dfsg1-1 release
  * [ca59548] Update lintian overrides
  * [d6406c2] d/copyright: update declarations for current maintainers

 -- Noah Meyerhans <noahm@debian.org>  Wed, 22 Jun 2022 09:27:01 -0700

dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [0d29e45] d/rules: enable LTO via DEB_BUILD_MAINT_OPTIONS instead of
    custom flags
  * [560cceb] d/source/lintian-overrides: update
    very-long-line-length-in-source-file overrides
  * [b99d09e] d/copyright: update years
  * [9ee8271] d/dovecot-core.prerm: drop as superseded by debhelper
  * [907f85c] d/maintscripts: update
  * [2b38240] d/dovecot-core.postinst: drop support for version skips
  * [dcb76d1] d/dovecot-core.postinst: only link certs if existent
    (Closes: #1009872)
  * [d223bbd] d/patches: add patch to support openssl 3.0
    (Closes: #996273)

  [ Noah Meyerhans ]
  * [9f3175e] New upstream version 2.3.19+dfsg1

 -- Noah Meyerhans <noahm@debian.org>  Sun, 05 Jun 2022 18:29:18 +0000

dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium

  [ Noah Meyerhans ]
  * [36966c8] New upstream version 2.3.18+dfsg1
  * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1

 -- "Noah Meyerhans" <noahm@debian.org>  Thu, 10 Feb 2022 20:05:50 +0000

dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [40b0010] New upstream version 2.3.17+dfsg1
  * [3c377e0] New upstream version 2.3.17.1+dfsg1
  * [e2f1ce2] d/patches: rebase and drop upstream applied ones
  * [533b7ad] d/control: bump to standards version 4.6.0
    (no further changes)
  * [02ed6cf] debian: reduce Lintian issues
  * [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
    warnings
  * [bcda7e4] d/control: build against Lua 5.4
  * [9eed0dd] d/control: enable libunwind support on available archs
  * [1990699] d/patches: cherry-pick memory leak commit
  * [426df46] d/patches: cherry-pick imapsieve fix
  * [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
    (Closes: #997513)

 -- Noah Meyerhans <noahm@debian.org>  Tue, 14 Dec 2021 09:24:23 -0800

dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium

  * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
    architectures requires -funwind-tables, as with 32-bit arm.

 -- Noah Meyerhans <noahm@debian.org>  Thu, 16 Sep 2021 08:41:27 -0700

dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium

  [ Christian Göttsche ]
  * [e1e9ece] d/patches: rework backtrace test patch
  * [be404bf] d/patches: add big-endian patch

 -- Noah Meyerhans <noahm@debian.org>  Fri, 10 Sep 2021 16:10:50 -0700

dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [ff4a227] New upstream version 2.3.14+dfsg1
  * [963fa3b] New upstream version 2.3.15+dfsg1
    (Closes: #991323, #983510)
  * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
  * [9ffb0f5] d/patches: update
  * [850e1d6] New upstream version 2.3.16+dfsg1
  * [7140b87] d/patches: rebase patches
  * [fb1b77e] d/rules: enable LTO
  * [ce7055d] d/control: add libsystemd-dev dependency
  * [db93263] d/copyright: drop unused section
  * [aeec1e8] d/rules: update how to set systemdsystemunitdir
  * [ebe9709] d/patches: resolve compiler warnings
  * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
  * [58a4078] d/patches: update 32bit warnings patch

  [ Noah Meyerhans ]
  * [f217c2e] Fix indexer crash
  * [b075317] Import upstream patch for indexer crash on client disconnect
  * [36e8740] drop debian/dovecot-core.maintscript

 -- Noah Meyerhans <noahm@debian.org>  Thu, 02 Sep 2021 13:22:16 -0700

dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high

  * Import upstream fixes for security issues (Closes: #990566):
    - CVE-2021-29157: Path traversal issue allowing an attacker with
      access to the local filesystem to trick OAuth2 authentication into
      using an HS256 validation key from an attacker-controlled location
    - CVE-2021-33515: Sensitive information could be redirected to an
      attacker-controlled address because of a STARTTLS command injection
      bug in the submission service

 -- Noah Meyerhans <noahm@debian.org>  Tue, 20 Jul 2021 08:05:19 -0700

dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [6829237] New upstream version 2.3.13 (Closes: #979363)
    - CVE-2020-24386: IMAP hibernation allows accessing other people's
      mail
    - CVE-2020-25275: MIME parsing crashes with particular messages
  * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
  * [5956798] Rebase patches
  * [2cb63c3] Bump to standards version 4.5.1 (no further changes)
  * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
  * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
    false-positives
  * [dde9c94] Handle removed configuration file in postinst

  [ Pino Toscano ]
  * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
    (Closes: #951869)

  [ Helmut Grohne ]
  * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)

 -- Noah Meyerhans <noahm@debian.org>  Mon, 25 Jan 2021 15:38:17 -0800

dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium

  [ Christian Göttsche ]
  * [44770f6] Add patch for 32bit compiler warnings
  * [053865a] Lintian: remove unused override
  * [4ece2e1] Lintian: add forwarded header to Debian specific patches
  * [67872b7] Lintian: ignore Debian only man page
  * [d30bd7e] Lintian: tag manpage-without-executable got renamed to
    spare-manual-page
  * [3bdf952] Limit libcap-dev build-dependency to linux-any
  * [28f6425] Drop acute accent in man page
  * [8c15850] Add patch allowing GSSAPI containing NULL

 -- Noah Meyerhans <noahm@debian.org>  Wed, 19 Aug 2020 12:06:07 -0700

dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high

  * New upstream release fixes security issues (Closes: #968302)
    - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads
      to resource exhaustion as Dovecot attempts to parse it.
    - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly
      check message buffer size, which leads to reading past allocation
      which can lead to crash.
    - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
      zero-length message, which leads to assert-crash later on.
  * Add libcap-dev to build-dependencies to support dropping linux
    capabilities.

 -- Noah Meyerhans <noahm@debian.org>  Thu, 13 Aug 2020 16:21:24 -0700

dovecot (1:2.3.10.1+dfsg1-2) unstable; urgency=medium

  * Support sd_notify with systemd (Closes: #951722)
  * Add necessary CFLAGS and LDFLAGS settings to ensure functional
    backtrace generation. (Closes: #962630)
  * Suppress additional library-not-linked-against-libc lintian warnings
    for some plugins as false-positives, observed on armel systems

  [ Andreas Hasenack ]
  * d/t/control, d/t/testmails: cherry-pick updated autopkgtests from
    Ubuntu's 1:2.2.35-2ubuntu1:
    - d/t/testmails: dropped the hardcoded "Ubuntu" name from the banner
      text and made it distribution agnostic
    - d/t/control: added lsb-release to test dependencies, used to get
      the distribution name

 -- Noah Meyerhans <noahm@debian.org>  Tue, 16 Jun 2020 08:29:02 -0700

dovecot (1:2.3.10.1+dfsg1-1) unstable; urgency=medium

  * New upstream release addresses multiple security issues
    - CVE-2020-10957
    - CVE-2020-10958
    - CVE-2020-10967
    (Closes: #960963, #930919, #928492)
  * Refresh patches
  * Strip non-DFSG-compliant docs from .orig archives
  * Incorporate a number of improvements to debian/ metadata contributed
    by Christian Göttsche <cgzones@googlemail.com>
  * Move pid file to /run (Closes: #925443)
  * Add noahm@debian.org to Uploaders
  * Work around flakiness in autopkgtest suite
  * Suppress library-not-linked-against-libc lintian warnings for some
    plugins as false-positives

 -- Noah Meyerhans <noahm@debian.org>  Wed, 10 Jun 2020 10:41:37 -0700

dovecot (1:2.3.7.2-1) unstable; urgency=medium

  * [dcaf24e] New upstream version 2.3.7.2
    - Fixes CVE-2019-11500 for dovecot-core
  * [111beef] Update pigeonhole to 0.5.7.2
    - Fixes CVE-2019-11500 for pigeonhole/managesieve
  * [a422c4c] Bump Standards-Version to 4.4.0; no changes needed
  * [56e37ed] Bump dh compat to 12; no changes needed.
    - Drop d/compat in favor of debhelper-compat B-D.
  * [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch
  * [9dc7904] Drop patches included in 2.3.7.2.
    - CVE-2019-10691
    - CVE-2019-11494
    - CVE-2019-11499
    - CVE-2019-7524
    - avoid-double-closing-mysql.patch
    - lib-master-test-event-stats-Use-PRIu64-format.patch

 -- Apollon Oikonomopoulos <apoikos@debian.org>  Thu, 29 Aug 2019 11:55:51 +0300

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog dovecot-lmtpd`.