Fixed in 1.0-beta8: "Fixed a security hole with mbox: "1 LIST .. *" command could list all directories and files under the mbox root directory, so if your mails were stored in eg. /var/mail/%u/ directory, the command would list everything under /var/mail." http://dovecot.org/list/dovecot/2006-May/013385.html http://dovecot.org/list/dovecot/2006-May/013386.html
I've been bumping dovecot of late - want me to put beta 8 in g2boojum to fix this?
I've quickly tested beta8 on my server - seems to work OK so I've put it in portage.
Dear arches, please test and mark 1.0_beta8 stable, thanks.
Stable on x86.
Dear security team, sparc stable.
Stable in the almighty Alpha Architecture!
(In reply to comment #3) > Dear arches, please test and mark 1.0_beta8 stable, thanks. I talked with DerCorny on IRC and since amd64 doesn't have any versions of dovecot stable and the latest version is a "beta", we won't be marking this one stable. Please re-add us if people really do want amd64 to mark it stable.
ppc stable
Voting no, I fail to see the big security impact
yet another no
another no
Closing without GLSA.