[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- Dovecot v1.2.11 -- DoS (excessive
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-04-01 15:52:06
Message-ID: 1102805932.207101270137126497.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> Hi Steve, vendors,
>
> Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP
> server: [1]
>
> http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
>
> addressing one denial of service issue (from upstream announcement):
> "mbox users really should upgrade, because by sending a message with a
> huge header you could basically cause a DoS (this problem exists only
> with v1.2.x, not with v1.0 or v1.1)."
>
> References:
> [2] http://dovecot.org/pipermail/dovecot/2010-February/047190.html
> [3] http://dovecot.org/pipermail/dovecot/2010-February/047058.html
> [4] http://secunia.com/advisories/38881/
>
Please use CVE-2010-0745
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic