[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Dovecot v1.2.11 -- DoS (excessive
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-04-01 15:52:06
Message-ID: 1102805932.207101270137126497.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> Hi Steve, vendors,
> 
>    Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP
>    server: [1]
> 
>    http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
> 
>    addressing one denial of service issue (from upstream announcement):
>    "mbox users really should upgrade, because by sending a message with a
>    huge header you could basically cause a DoS (this problem exists only
>    with v1.2.x, not with v1.0 or v1.1)."
> 
>    References:
>      [2] http://dovecot.org/pipermail/dovecot/2010-February/047190.html
>      [3] http://dovecot.org/pipermail/dovecot/2010-February/047058.html
>      [4] http://secunia.com/advisories/38881/
> 

Please use CVE-2010-0745

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic