1520 – Dovecot vulnerability

Bug 1520 - Dovecot vulnerability

Summary: Dovecot vulnerability

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:

Duplicates (1):	1550 (view as bug list)
Depends on:
Blocks:

Reported:	2011-06-02 10:49 CEST by Jérôme Soyer
Modified:	2011-08-30 12:01 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	dovecot-1.2.17-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jérôme Soyer 2011-06-02 10:49:57 CEST

Summary:

An attacker could send a crafted email message that could disrupt email
service.

Software Description:
- dovecot: IMAP and POP3 email server

Details:

It was discovered that the message header parser in Dovecot did not
properly handle '\0' characters in header names. This could allow a
remote attacker to cause a denial of service through a crafted email
message by crashing the Dovecot daemon or corrupting mailboxes.

Comment 1 Pascal Terjan 2011-06-07 11:31:21 CEST

*** Bug 1550 has been marked as a duplicate of this bug. ***

Comment 2 Pascal Terjan 2011-06-07 11:31:34 CEST

CVE-2011-1929

CC: (none) => pterjan

Manuel Hiebel 2011-08-30 09:53:17 CEST

CC: (none) => dmorganec

Comment 3 Anne Nicolas 2011-08-30 12:01:27 CEST

Not available for Mageia as we already ship 2.1.17 version. This applies only to versions < 2.1.17

Status: NEW => RESOLVED
CC: (none) => ennael1
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.