-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-09-24 08:39:39 UTC
-
mfrom:
(33.1.1 hardy-proposed)
-
Revision ID:
james.westby@ubuntu.com-20090924083939-zd1alaap9xkjeffe
Tags: 1:1.0.10-1ubuntu5.2
* SECURITY UPDATE: access restriction bypass from negative access rights
being treated as positive access rights in the ACL plugin
- debian/patches/security-CVE-2008-4577.dpatch: fix rights mask in
src/plugins/acl/acl-cache.c.
- CVE-2008-4577
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
the Sieve plugin
- debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
right length in dovecot-sieve/src/libsieve/script.c.
- CVE-2009-2632
- CVE-2009-3235