Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-01-10 15:29:47 UTC
Revision ID: james.westby@ubuntu.com-20110110152947-4whjzb611tgbi5g7
Tags: 1:1.2.12-1ubuntu8.1
* SECURITY UPDATE: information disclosure via newly created mailboxes
  with incorrect ACLs
  - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
    same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
  - CVE-2010-3304
* SECURITY UPDATE: ACL bypass via incorrect ACL merging
  - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
    ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
    acl-cache.c}.
  - CVE-2010-3706
  - CVE-2010-3707
* SECURITY UPDATE: restriction bypass via mailbox ACL changing
  - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
    owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
  - CVE-2010-3779
* SECURITY UPDATE: denial of service via many simultaneous disconnects.
  - debian/patches/CVE-2010-3780.patch: don't die after three failed
    writes to log in src/lib/failures.c.
  - CVE-2010-3780
* debian/control: removed linux-kernel-headers from Build-Conflicts to
  resolve building with sbuild.