-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-09-24 08:28:12 UTC
-
Revision ID:
james.westby@ubuntu.com-20090924082812-1bkeaj0scok62gzn
Tags: 1:1.1.4-0ubuntu1.3
* SECURITY UPDATE: directory traversal vulnerability in the the
ManageSieve implementation (LP: #307291)
- debian/patches/security-CVE-2008-5301.dpatch: filter out slashes in
script names in dovecot-managesieve/src/lib-sievestorage/
{sieve-storage-save.c,sieve-storage-script.c}.
- CVE-2008-5301
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
the Sieve plugin
- debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
right length in dovecot-sieve/src/libsieve/script.c.
- CVE-2009-2632
- CVE-2009-3235