Moving from one Dovecot server to another Dovecot server

Michael mine at michi.su
Thu Aug 28 07:30:58 UTC 2014


Quoting Jiri Bourek <bourek at thinline.cz>:

> On 27.8.2014 15:25, Michael wrote:
>>
>> Quoting Philipp Faeustlin <Philipp.Faeustlin at uni-hohenheim.de>:
>>
>>> Am 27.08.2014 um 14:52 schrieb Michael:
>>
>>>> I've already been aware of this web site. I saw that they offer only
>>>> packages for Ubuntu 12.04. I'm Using Ubuntu 14.04. I know that often
>>>> it's not a problem to take packages from another version. But I'm not
>>>> sure if there are some conflicts to be expected. So I wrote an e-mail to
>>>> the contact but did not get an answer yet.
>>>> Do you have any information if this repo can also be used on Ubuntu
>>>> 14.04 without problems?
>>> No I haven't, but I think it is better to have the latest version of
>>> Dovecot, especially with Ubuntu because not long ago I found this:
>>> http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html
>>> I'm not sure how to judge this message but it doesn't sounds very good.
>>
>> You are right. According to [1] it doesn't look to be fixed in the most
>> recent package provided by Ubuntu.
>> It is fixed in version 2.2.13~rc1-1 which is not available for Ubuntu.
>>
>> I thought security issues will be fixed ASAP by the maintainer...
>>
>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747549
>>
>> Michael
>
> Both Debian and Ubuntu usually stay on specific version of the  
> software in their stable branches and only backport fixes, mostly  
> security related ones.
>
> The package you are looking for in Ubuntu is 1:2.2.9-1ubuntu2.1 .  
> See changelog for that package -  
> http://changelogs.ubuntu.com/changelogs/binary/d/dovecot-core/1:2.2.9-1ubuntu2.1/changelog . According to this CVE-2014-3430 was fixed in  
> may.
>
> In Debian it's 1:2.1.7-7+deb7u1 , fixed in june

Good to see that they fixed it within 5 days. Thanks for the URL.

Michael



More information about the dovecot mailing list