Possible DoS and some performance issues addressd mbox users really should upgrade, because by sending a message with a huge header you could basically cause a DoS (this problem exists only with v1.2.x, not with v1.0 or v1.1). - mbox: Message header reading was unnecessarily slow. Fetching a huge header could have resulted in Dovecot eating a lot of CPU. Also searching messages was much slower than necessary. - mbox, dbox, cydir: Mail root directory was created with 0770 permissions, instead of 0700. - maildir: Reading uidlist could have ended up in an infinite loop. - IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds after a change had occurred in mailbox Reproducible: Always Copied over 1.2.10-r1 and all is fine.
Hi, for some weeks now, I'm using dovecot 1.2.11 without a glitch. I've just renamed the ebuild to 1.2.11 and all is fine. It should be good to have a bump in the repository to address the security issues fixed in this release. Thank you.
+ 29 Mar 2010; Patrick Lauer <patrick@gentoo.org> +dovecot-1.2.11.ebuild: + Bump for #308767