[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark dovecot as no-dsa and rather schedule it via point-release

Salvatore Bonaccorso carnil at debian.org
Fri Jan 26 09:50:07 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de717e56 by Salvatore Bonaccorso at 2018-01-26T10:49:48+01:00
Mark dovecot as no-dsa and rather schedule it via point-release

There is a possible regression causing login processes to segfault when
dovecot is hammered with failed authentication attempts. To be on the
safe side we will wait on upstream's feedback and fix for that in
unstable and once addressed a fix can go via point release being exposed
as well further in -proposed-updates first before entering stable and
oldstable.

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22064,6 +22064,8 @@ CVE-2017-15133
 	RESERVED
 CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of ...)
 	- dovecot <unfixed> (bug #888432)
+	[stretch] - dovecot <no-dsa> (Minor memory leak, will be fixed via point release)
+	[jessie] - dovecot <no-dsa> (Minor memory leak, will be fixed via point release)
 	NOTE: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
 CVE-2017-15131 (It was found that system umask policy is not being honored when ...)
 	- xdg-user-dirs <unfixed> (unimportant)
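
Review bot: the reason text on the two added `<no-dsa>` lines ([stretch] and [jessie]) says only "Minor memory leak, will be fixed via point release", while the commit message gives the possible login-process segfault regression as the reason for deferring the upload. Consider recording that in the entry as well, for example with an additional NOTE line under CVE-2017-15132 saying the fix is held until upstream has responded, so the tracker entry explains the delay without a reader having to consult the commit log.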


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -16,9 +16,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 chromium-browser/stable
 --
-dovecot (carnil)
-  holding back upload due to possible regression
---
 graphicsmagick
 --
 imagemagick/oldstable (jmm)
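
Review bot: removing the `dovecot (carnil)` entry also removes the "holding back upload due to possible regression" line, and with it the record in this file of who had claimed the package and why the upload was paused. The no-dsa lines added to data/CVE/list name neither, so if the point-release upload is still being tracked by the same person it would help to note that on the CVE-2017-15132 entry.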



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de717e566c855c9c5f4e660b5ac5e990313b3ddc
