karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
Browse Source

[dovecot] Updated (1.0.10 -> 1.0.13) : SECURITY - HIGH 

CVE-2008-1199 (Medium) :
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create
dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify
files or directories that are writable by group, via a symlink attack.

CVE-2008-1218 (Medium) :
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using
blocking passdbs, allows remote attackers to bypass the password check via a password
containing TAB characters, which are treated as argument delimiters that enable the
skip_password_check field to be specified.
early
Aldas Nabazas 17 years ago
parent
eb1fde8024
commit
14f8a374c5
1 changed files with 2 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      mail/dovecot/dovecot.desc

4
mail/dovecot/dovecot.desc
Unescape View File

@ -33,9 +33,9 @@
[L] GPL
[S] Stable
[V] 1.0.10
[V] 1.0.13
[P] X -----5---9 194.300
[CV-URL] http://www.dovecot.org/download.html
[D] 2673598774 dovecot-1.0.10.tar.gz http://dovecot.org/releases/1.0/
[D] 3030217544 dovecot-1.0.13.tar.gz http://dovecot.org/releases/1.0/

Write Preview
Loading…
Cancel
Save