Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package dovecot. 2.3.4.1-3, which was uploaded to unstable today, fixes two cases of buffer overflows (collectively known as CVE-2019-7524). Please allow it to migrate to testing as soon as possible. Full source debdiff against testing attached. Thanks, Apollon unblock dovecot/2.3.4.1-3
diff -Nru dovecot-2.3.4.1/debian/changelog dovecot-2.3.4.1/debian/changelog --- dovecot-2.3.4.1/debian/changelog 2019-03-14 11:02:39.000000000 +0200 +++ dovecot-2.3.4.1/debian/changelog 2019-03-25 23:06:01.000000000 +0200 @@ -1,3 +1,10 @@ +dovecot (1:2.3.4.1-3) unstable; urgency=high + + * [07c9212] Fix two buffer overflows when reading oversized FTS headers + and/or oversized POP3-UIDL headers (CVE-2019-7524). + + -- Apollon Oikonomopoulos <apoi...@debian.org> Mon, 25 Mar 2019 23:06:01 +0200 + dovecot (1:2.3.4.1-2) unstable; urgency=medium [ Laurent Bigonville ] diff -Nru dovecot-2.3.4.1/debian/patches/CVE-2019-7524 dovecot-2.3.4.1/debian/patches/CVE-2019-7524 --- dovecot-2.3.4.1/debian/patches/CVE-2019-7524 1970-01-01 02:00:00.000000000 +0200 +++ dovecot-2.3.4.1/debian/patches/CVE-2019-7524 2019-03-25 23:06:01.000000000 +0200 @@ -0,0 +1,59 @@ +From 2d31f0e08a80217c039be4aaae8de25bed0251f4 Mon Sep 17 00:00:00 2001 +From: Apollon Oikonomopoulos <apoi...@debian.org> +Date: Mon, 25 Mar 2019 23:04:44 +0200 +Subject: [PATCH] Fix CVE-2019-7524 + +commit ad1350ff036965c33f0aae20432ec73ca84f7819 +Author: Timo Sirainen <timo.sirai...@open-xchange.com> +Date: Mon Feb 4 19:25:13 2019 -0800 + + fts: Fix buffer overflow when reading oversized fts header + +commit 89e05f17de80e19078544ef887d83d160491214e +Author: Timo Sirainen <timo.sirai...@open-xchange.com> +Date: Mon Feb 4 19:23:02 2019 -0800 + + lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl header +--- + src/lib-storage/index/index-pop3-uidl.c | 4 ++-- + src/plugins/fts/fts-api.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c +index 13b7363ef..e537e9ff5 100644 +--- a/src/lib-storage/index/index-pop3-uidl.c ++++ b/src/lib-storage/index/index-pop3-uidl.c +@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail) + /* this header isn't set yet */ + return TRUE; + } +- memcpy(&uidl, data, size); ++ memcpy(&uidl, data, sizeof(uidl)); + return mail->uid <= uidl.max_uid_with_pop3_uidl; + } + +@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr + + /* check if we have already the same header */ + if (size >= sizeof(uidl)) { +- memcpy(&uidl, data, size); ++ memcpy(&uidl, data, sizeof(uidl)); + if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl) + return; + } +diff --git a/src/plugins/fts/fts-api.c b/src/plugins/fts/fts-api.c +index 5a5b2a919..4f8a1c125 100644 +--- a/src/plugins/fts/fts-api.c ++++ b/src/plugins/fts/fts-api.c +@@ -425,7 +425,7 @@ bool fts_index_get_header(struct mailbox *box, struct fts_index_header *hdr_r) + i_zero(hdr_r); + ret = FALSE; + } else { +- memcpy(hdr_r, data, data_size); ++ memcpy(hdr_r, data, sizeof(*hdr_r)); + ret = TRUE; + } + mail_index_view_close(&view); +-- +2.20.1 + diff -Nru dovecot-2.3.4.1/debian/patches/series dovecot-2.3.4.1/debian/patches/series --- dovecot-2.3.4.1/debian/patches/series 2019-03-14 11:02:39.000000000 +0200 +++ dovecot-2.3.4.1/debian/patches/series 2019-03-25 23:06:01.000000000 +0200 @@ -9,4 +9,5 @@ ssl-dh-params-location.patch lib-master-test-event-stats-Use-PRIu64-format.patch avoid-double-closing-mysql.patch +CVE-2019-7524 debian-changes