[Secure-testing-team] Bug#627443: CVE-2011-1929
Moritz Muehlenhoff
jmm at debian.org
Fri May 20 16:44:46 UTC 2011
Package: dovecot
Severity: grave
Tags: security
Hi Dovecot maintainers,
CVE-2011-1929 was assigned to the following issue fixed in
1.2.17 and 2.0.13:
| Fixed potential crashes and other problems when parsing
| header names that contained NUL characters.
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
http://dovecot.org/pipermail/dovecot/2011-May/059086.html
Patch:
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
Could you contact upstream wrt the exact impact? What is
being crashed here, can someone only crash a delivery
thread or can the whole IMAP server be crashed through
malformed mail messages? In the latter case we should
release a DSA.
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list