Bug#891819: marked as done (dovecot: CVE-2017-14461: rfc822_parse_domain information leak vulnerability)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 23:17:52 +0000
with message-id <e1eunko-000gut...@fasolo.debian.org>
and subject line Bug#891819: fixed in dovecot 1:2.2.13-12~deb8u4
has caused the Debian Bug report #891819,
regarding dovecot: CVE-2017-14461: rfc822_parse_domain information leak 
vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: dovecot
Version: 1:2.2.13-11
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for dovecot.

CVE-2017-14461[0]:
rfc822_parse_domain information leak vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14461
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: dovecot
Source-Version: 1:2.2.13-12~deb8u4

We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated dovecot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Mar 2018 19:12:05 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.13-12~deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Closes: 888432 891819 891820
Changes:
 dovecot (1:2.2.13-12~deb8u4) jessie-security; urgency=high
 .
   * [eb6eab8] Fix CVE-2017-14461: rfc822_parse_domain information leak
     (Closes: #891819)
   * [df2ccf9] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
     can be used for DoS (Closes: #891820)
      + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
        disable dovecot_name.patch, since it changes dovecot's banner in
        conjunction with dh_autoreconf.
   * [292742f] Fix CVE-2017-15132: memory leak on aborted SASL auth
     (Closes: #888432)
   * [3e2ccd1] Add myself to Uploaders
Checksums-Sha1:
 672ac1c717a4b282ddf7a257da44d4449e6b178a 3335 dovecot_2.2.13-12~deb8u4.dsc
 ee8efc77cb9d502dc416ae4fba242adc5f01c163 4613824 dovecot_2.2.13.orig.tar.gz
 3b2c547fbb71013f208d4af025ba7b247f538977 746136 
dovecot_2.2.13-12~deb8u4.debian.tar.xz
 48e4c8d80e2210b20aed9d4860d74507449cfd69 2659458 
dovecot-core_2.2.13-12~deb8u4_amd64.deb
 9149f367fcca0d2dd588ca171000a0863a4cd7da 750702 
dovecot-dev_2.2.13-12~deb8u4_amd64.deb
 f26879470c738195253c70069f5b5c60010a1723 646064 
dovecot-imapd_2.2.13-12~deb8u4_amd64.deb
 7a7d63c3c1e072cffeec5979f9fe0a02093d1b7d 550854 
dovecot-pop3d_2.2.13-12~deb8u4_amd64.deb
 f98d39a658a309811545fbf0b950e1407017f67e 542652 
dovecot-lmtpd_2.2.13-12~deb8u4_amd64.deb
 36e1dcc76139c5d05e4213e61ee412b4472a3c53 569726 
dovecot-managesieved_2.2.13-12~deb8u4_amd64.deb
 93f4822b431eb2855aac1b9c67e3f9cf1f83b401 534078 
dovecot-pgsql_2.2.13-12~deb8u4_amd64.deb
 32ab8eb4c44023a4a7d4c2e9cbf1581cc0ea6d02 531716 
dovecot-mysql_2.2.13-12~deb8u4_amd64.deb
 8435022186ad05c316397eea9eba5d42d76010e0 529862 
dovecot-sqlite_2.2.13-12~deb8u4_amd64.deb
 46c75882c19f20dec299d47fc29c70db7d2c6249 545246 
dovecot-ldap_2.2.13-12~deb8u4_amd64.deb
 19b78c3b921f4c7af784f3116ab8ac04939df88a 531106 
dovecot-gssapi_2.2.13-12~deb8u4_amd64.deb
 217038f0ed1d8e80c486df330f089b5ac9c58bde 765088 
dovecot-sieve_2.2.13-12~deb8u4_amd64.deb
 37f3db9eda64c8f96906b6e85b241bbab6d572a9 542112 
dovecot-solr_2.2.13-12~deb8u4_amd64.deb
 6344508c4b6ababe59f8f4e8a5e2a1a0b11780f6 549200 
dovecot-lucene_2.2.13-12~deb8u4_amd64.deb
 d7855578205ee3e91e96cf5e27e19b0a78b468bc 6647346 
dovecot-dbg_2.2.13-12~deb8u4_amd64.deb
Checksums-Sha256:
 6ef74b76d29e5ed81290aa861bf67642a10e35fa033a4c621b959ec947e89240 3335 
dovecot_2.2.13-12~deb8u4.dsc
 133cf3d2aa81733f6688ec986c91dbe07602fad81e856ba3d8046ffca85d9dce 4613824 
dovecot_2.2.13.orig.tar.gz
 2789570bae0cb0a090679ca7d1ea5943d77fa35629b644c7c36bf5f5aca8133a 746136 
dovecot_2.2.13-12~deb8u4.debian.tar.xz
 507072b9f7395ac367858f6e77dc1a0d70f7513f9e55426a944da24d2e776ecc 2659458 
dovecot-core_2.2.13-12~deb8u4_amd64.deb
 e3396d64afb413a05c8886361e088b058e08f206f21c6a254482dafbc56be3b7 750702 
dovecot-dev_2.2.13-12~deb8u4_amd64.deb
 328e4785178827606b9ca55cb6f37ce24e5131fece87b50270fb95e1280b3ad4 646064 
dovecot-imapd_2.2.13-12~deb8u4_amd64.deb
 702eafb22a5df8314bb409c8ce3db4432f05ec2f10a4c35907d069d207608970 550854 
dovecot-pop3d_2.2.13-12~deb8u4_amd64.deb
 58cad6c318f600c57ad46483cb288c33c45de634d0e3c4e10af0bf30bd5d1a9d 542652 
dovecot-lmtpd_2.2.13-12~deb8u4_amd64.deb
 1b9d3b21735f0757f92d40c0ee99be584d64f1975821274fd3cc8e35ef3a11e5 569726 
dovecot-managesieved_2.2.13-12~deb8u4_amd64.deb
 e3bc14c86a8599a565de74810da486e6a7871b63abe60fb6ec5a15e7aa0c48f4 534078 
dovecot-pgsql_2.2.13-12~deb8u4_amd64.deb
 a31681f391cf0a1ac26a34a362ddb996dbfd6f68075b27b7a6f978b3484f975a 531716 
dovecot-mysql_2.2.13-12~deb8u4_amd64.deb
 ab1c9b14ca2e1b0dbcc5b39482851677892c35a2a352006304ffb30b00eb0a7e 529862 
dovecot-sqlite_2.2.13-12~deb8u4_amd64.deb
 4bef583d21a134969753733cd968e1cdcabfbb40266f925d648ee1699ea17778 545246 
dovecot-ldap_2.2.13-12~deb8u4_amd64.deb
 39b8dd10e9b49f2c37b973e817c5f1a0c0b0363fc0397fb817f09b25ddaabc14 531106 
dovecot-gssapi_2.2.13-12~deb8u4_amd64.deb
 06356a5e03e97b037cc31b010a807fd047b8bea4d5c44c70e6dc8e14ec70642a 765088 
dovecot-sieve_2.2.13-12~deb8u4_amd64.deb
 8821ce62cb94cc8b2e51f16cd1ceae9cd2f6840697ecc0e9a36237ca11890dc2 542112 
dovecot-solr_2.2.13-12~deb8u4_amd64.deb
 cae36dbe7b9a83af0ef6933bf29df26c7cd51863639c4cadb50ea7c992473b1c 549200 
dovecot-lucene_2.2.13-12~deb8u4_amd64.deb
 07e411eea445a5c3757f06be0c41616b7c7f452bc59be35cc1bf573a658b5662 6647346 
dovecot-dbg_2.2.13-12~deb8u4_amd64.deb
Files:
 42fe2b7b9c6afb169506c429f8d30cb8 3335 mail optional 
dovecot_2.2.13-12~deb8u4.dsc
 a3eb1c0b1822c4f2b0fe9247776baa71 4613824 mail optional 
dovecot_2.2.13.orig.tar.gz
 68d3ec040cd0154bc2efdf2251ad5e33 746136 mail optional 
dovecot_2.2.13-12~deb8u4.debian.tar.xz
 6eb1113ac92ef493a4e876fd7f7396c7 2659458 mail optional 
dovecot-core_2.2.13-12~deb8u4_amd64.deb
 9ec8c8336433660d85729d61516e13a5 750702 mail optional 
dovecot-dev_2.2.13-12~deb8u4_amd64.deb
 c6e884f46c7d9c328dd3671833f6257d 646064 mail optional 
dovecot-imapd_2.2.13-12~deb8u4_amd64.deb
 cd7fae19b9c2849bf38ae9fd02308cac 550854 mail optional 
dovecot-pop3d_2.2.13-12~deb8u4_amd64.deb
 61139aaaa6883a0a36c1ed8cc34d74f4 542652 mail optional 
dovecot-lmtpd_2.2.13-12~deb8u4_amd64.deb
 4e43cff0f03d62dd31c9c0c6e3818dc2 569726 mail optional 
dovecot-managesieved_2.2.13-12~deb8u4_amd64.deb
 7f7e4c71c170ec195830a70d3f475b38 534078 mail optional 
dovecot-pgsql_2.2.13-12~deb8u4_amd64.deb
 bbb0e89233db4744b5928f1a22fe164a 531716 mail optional 
dovecot-mysql_2.2.13-12~deb8u4_amd64.deb
 159c3466a17ca79978063d2e0772500a 529862 mail optional 
dovecot-sqlite_2.2.13-12~deb8u4_amd64.deb
 47f87696f83f0ad13ee3508d3da665b7 545246 mail optional 
dovecot-ldap_2.2.13-12~deb8u4_amd64.deb
 df92ab6ee72f337a088eb6a6e61471ed 531106 mail optional 
dovecot-gssapi_2.2.13-12~deb8u4_amd64.deb
 cf2943c4cdac08ee09e3810a5bd017e1 765088 mail optional 
dovecot-sieve_2.2.13-12~deb8u4_amd64.deb
 03b601d9cb420b5ace126a763700c55a 542112 mail optional 
dovecot-solr_2.2.13-12~deb8u4_amd64.deb
 207b8dabe95117caf8ce720f468c4a49 549200 mail optional 
dovecot-lucene_2.2.13-12~deb8u4_amd64.deb
 a943ad0db1a164a5246778071e99d151 6647346 debug extra 
dovecot-dbg_2.2.13-12~deb8u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlqYj0oACgkQ9RsYxyAk
giTcYg//V7TZ7yPEko5s/vcGLsSlBue80r2Ymc0XvO8TeMCMoQ2FZHrWV67ExQ/V
5dkkQdKvkiQ22ylxuT3X5PpUZ6VGcx0wsMQMkzopyKAF9ETWXT2m9efljs9UUSTW
Tp/dNchDrn8JyMLQ5/UlVmV3nMpTdI6tvNCl9k7AadmYRSZqFAbX1tc/BklYZTYb
BefOKDU0bOkbhWBQ0nmQMRe5oqdaAEJE2/o99LUBXU4yDV74OhX/KWkeF1Yr3Doi
+JIXO5Fs0UwIkZUZyGk5ubnF05vAvfAEnZ7Vp92+mgLCZ9GflAG3MCFlU1tKeC18
iYGXF0KWIb6TNGyb0ZZjNpWQCMGZB8MeApyUd+xrGtCDVi85/a4HH98qG7zQPSX3
tmAXs/vtJPsbQc0RopEHAlm2FYRgvbpR3kl0bPHmKqqjRbwOoVFvrfrBXA2Ij0zP
aeWyGw0/URJ2w0+KomYcs2v+awn6frTssQG5Cv4wEmtiViER2TeqgpRHjR63f3GX
/ZBOlSxT9yA6MNpj1zFbDWFD0qoE40eZJSMv2vo29v7mtZohHZQYh10+pqcopuhd
aHSf5os4IOuMncsl/MrsHrQ2N3ZUNIwOLA/RRQQbDilc9PQUA1cadk/RwNvioQDM
RJYUS+ZJIf4Y/V339eAhKorG81wyPlzpbpmrrIm0iZF6rUyOdlI=
=Ac7/
-----END PGP SIGNATURE-----

--- End Message ---