On 27.8.2014 15:25, Michael wrote:
Quoting Philipp Faeustlin <Philipp.Faeustlin@uni-hohenheim.de>:
Am 27.08.2014 um 14:52 schrieb Michael:
I've already been aware of this web site. I saw that they offer only packages for Ubuntu 12.04. I'm Using Ubuntu 14.04. I know that often it's not a problem to take packages from another version. But I'm not sure if there are some conflicts to be expected. So I wrote an e-mail to the contact but did not get an answer yet. Do you have any information if this repo can also be used on Ubuntu 14.04 without problems? No I haven't, but I think it is better to have the latest version of Dovecot, especially with Ubuntu because not long ago I found this: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html I'm not sure how to judge this message but it doesn't sounds very good.
You are right. According to [1] it doesn't look to be fixed in the most recent package provided by Ubuntu. It is fixed in version 2.2.13~rc1-1 which is not available for Ubuntu.
I thought security issues will be fixed ASAP by the maintainer...
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747549
Michael
Both Debian and Ubuntu usually stay on specific version of the software in their stable branches and only backport fixes, mostly security related ones.
The package you are looking for in Ubuntu is 1:2.2.9-1ubuntu2.1 . See changelog for that package - http://changelogs.ubuntu.com/changelogs/binary/d/dovecot-core/1:2.2.9-1ubunt... . According to this CVE-2014-3430 was fixed in may.
In Debian it's 1:2.1.7-7+deb7u1 , fixed in june