Moving from one Dovecot server to another Dovecot server
Jiri Bourek
bourek at thinline.cz
Wed Aug 27 22:03:48 UTC 2014
On 27.8.2014 15:25, Michael wrote:
>
> Quoting Philipp Faeustlin <Philipp.Faeustlin at uni-hohenheim.de>:
>
>> Am 27.08.2014 um 14:52 schrieb Michael:
>
>>> I've already been aware of this web site. I saw that they offer only
>>> packages for Ubuntu 12.04. I'm Using Ubuntu 14.04. I know that often
>>> it's not a problem to take packages from another version. But I'm not
>>> sure if there are some conflicts to be expected. So I wrote an e-mail to
>>> the contact but did not get an answer yet.
>>> Do you have any information if this repo can also be used on Ubuntu
>>> 14.04 without problems?
>> No I haven't, but I think it is better to have the latest version of
>> Dovecot, especially with Ubuntu because not long ago I found this:
>> http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html
>> I'm not sure how to judge this message but it doesn't sounds very good.
>
> You are right. According to [1] it doesn't look to be fixed in the most
> recent package provided by Ubuntu.
> It is fixed in version 2.2.13~rc1-1 which is not available for Ubuntu.
>
> I thought security issues will be fixed ASAP by the maintainer...
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747549
>
> Michael
Both Debian and Ubuntu usually stay on specific version of the software
in their stable branches and only backport fixes, mostly security
related ones.
The package you are looking for in Ubuntu is 1:2.2.9-1ubuntu2.1 . See
changelog for that package -
http://changelogs.ubuntu.com/changelogs/binary/d/dovecot-core/1:2.2.9-1ubuntu2.1/changelog
. According to this CVE-2014-3430 was fixed in may.
In Debian it's 1:2.1.7-7+deb7u1 , fixed in june
More information about the dovecot
mailing list