Bug 1520

Summary: Dovecot vulnerability
Product: Mageia Reporter: Jérôme Soyer <saispo>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal CC: dmorganec, ennael1, pterjan
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: dovecot-1.2.17-1.mga1.src.rpm CVE:
Status comment:

Description Jérôme Soyer 2011-06-02 10:49:57 CEST 
Summary:

An attacker could send a crafted email message that could disrupt email
service.

Software Description:
- dovecot: IMAP and POP3 email server

Details:

It was discovered that the message header parser in Dovecot did not
properly handle '\0' characters in header names. This could allow a
remote attacker to cause a denial of service through a crafted email
message by crashing the Dovecot daemon or corrupting mailboxes.
Comment 1 Pascal Terjan 2011-06-07 11:31:21 CEST 
*** Bug 1550 has been marked as a duplicate of this bug. ***
Comment 2 Pascal Terjan 2011-06-07 11:31:34 CEST 
CVE-2011-1929

CC: (none) => pterjan

Manuel Hiebel 2011-08-30 09:53:17 CEST

CC: (none) => dmorganec

Comment 3 Anne Nicolas 2011-08-30 12:01:27 CEST 
Not available for Mageia as we already ship 2.1.17 version. This applies only to versions < 2.1.17

Status: NEW => RESOLVED
CC: (none) => ennael1
Resolution: (none) => INVALID