-
cyrus-imapd-2.2 (2.2.13-19squeeze3build0.10.04.1) lucid-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix possible NULL pointer dereference via crafted message reference
id caused by a missing sanitizing of the mail headers. This can be
exploited from a client making use of the IMAP threading feature
(CVE-2011-3481).
-- Steve Beattie <email address hidden> Fri, 27 Jan 2012 16:58:07 -0800
-
cyrus-imapd-2.2 (2.2.13-19squeeze2build0.10.04.1) lucid-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze2) stable-security; urgency=low
* Update Vcs-* and Homepage
* Fix stack-based buffer overflow in the split_wildmats function in
nntpd.c (CVE-2011-3208)
* Fix for authentication bypass in nntpd (SA46093)
cyrus-imapd-2.2 (2.2.13-19+squeeze1) stable-security; urgency=low
* Fix infinite loop in case of corrupted index files (Closes: #627078)
* Add gbp.conf to easy future updates
* Fix CVE-2011-1926: STARTTLS plaintext command injection
vulnerability (VU#555316) (Closes: #627081)
-- Steve Beattie <email address hidden> Tue, 18 Oct 2011 22:07:55 -0700
-
cyrus-imapd-2.2 (2.2.13-19squeeze1build0.10.04.1) lucid-security; urgency=low
* fake sync from Debian
cyrus-imapd-2.2 (2.2.13-19+squeeze1) stable-security; urgency=low
* Fix infinite loop in case of corrupted index files (Closes: #627078)
* Add gbp.conf to easy future updates
* Fix CVE-2011-1926: STARTTLS plaintext command injection
vulnerability (VU#555316) (Closes: #627081)
-- Jamie Strandboge <email address hidden> Fri, 10 Jun 2011 15:17:48 -0500
-
cyrus-imapd-2.2 (2.2.13-19) unstable; urgency=low
* Switch to BerkeleyDB 4.7, the version OpenLDAP uses.
* Add patch by Cristian Rigamonti to fix logcheck rules for "defaultbc
doesn't exist" error message. (Closes: #511030)
* Update Vietnamese debconf translation, thanks Clytie Siddall.
(Closes: #548052)
* Upload to unstable for the libkrb transition.
cyrus-imapd-2.2 (2.2.13-18) experimental; urgency=low
[ Henrique de Moraes Holschuh ]
* sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
update for completeness to match the patch used by the security-team:
use snprintf for scount, to future-proof against "int" larger than
64 bits.
[ Christoph Berg ]
* Add myself to Uploaders.
* Upgrade to use BerkeleyDB 4.8. (Closes: #421942)
* Convert to use quilt, and update the patch headers to use clean paths.
(Closes: #563303)
* Add patch by Mathieu Parent to fix conflicting getline definition.
(Closes: #552865)
cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
* Security Update: CVE-2009-3235:
Multiple stack-based buffer overflows in the Sieve parsing code,
patches taken from upstream CVS (closes: #547947)
-- Michael Bienia <email address hidden> Mon, 29 Mar 2010 15:52:05 +0100
-
cyrus-imapd-2.2 (2.2.13-16ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- Added debian/patches/99-bereklydb-4.6.dpatch which enables us to drop
libdb4.3 as a build dependency.
- Update conigure patching in 99-update-autoconf.
- Re-enable copying of config.{sub,guess}, given the upstream provided one
is from 1999.
* debian/patches/99-fix-cyrus-imapd.dpatch: Fix FTBFS.
cyrus-imapd-2.2 (2.2.13-16) unstable; urgency=high
* Justification for high urgency: Get security update from -15 into
testing as fast as possible since -15 was removed before it could
migrate.
* Fix build dependency on tcl-dev (keeping old tcl8.3-dev to make
backports easier) (Closes: 545281)
* Fix up README.Debian.database (Closes: 543293)
* Build against newer cyrus-sasl (Closes: 527495,528468)
* Fix cyrus-common postinst to only run makedirs if a new upstream
is installed (Closes: 545512), add a README to note that the
postinst needs to be changed with each new upstream
* Fix find syntax in cyrus-makedirs (Closes: 545554)
cyrus-imapd-2.2 (2.2.13-15) unstable; urgency=high
[Security Update]
* Fixes buffer overflow in SIEVE script handling -> high urgency
Problem has no CVE tag assigned, is not yet announced by upstream,
but upstream patch is in public CVS -> not embargoed.
[Sven Mueller]
* change example script mbox2cyrus to remove bashisms (Closes: #489558,
thanks to Andres Mejia)
* change Makefile so that no (intended) non-phony target invokes a phony
target. Also remove empty lines inside rules or replace them by comment
lines
* Added patches for translation updates as provided by Christian Perrier
(see below)
* update cyrus-makedirs to be more performant (using xargs to call chmod
et al. instead of using find -exec, this avoids lots of forks)
* remove build dependency alternate libsnmp5-dev (not even in oldstable
anymore), add alternative libsnmp-dev (as in stable)
* update standards-version to 3.8.3.0
- add README.source
- remove version from perl build dependency
[ Christian Perrier ]
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. Closes: #523989
* [Debconf translation updates]
- Swedish. Closes: #524090
- Czech. Closes: #524092
- Japanese. Closes: #524121
- Russian. Closes: #525704
- Portuguese. Closes: #525912
- German. Closes: #525913
- Galician. Closes: #524267
- Italian. Closes: #524312
- French. Closes: #524954
- Finnish. Closes: #526182
- Bokmål, Norwegian. Closes: #526231
- Spanish. Closes: #526358
- Basque. Closes: #530856
-- Chuck Short <email address hidden> Wed, 09 Sep 2009 02:17:14 +0100
