Gentoo Bug 244962 - net-mail/dovecot < 1.1.6: Permanent DoS w/ broken mail headers (CVE-2008-4907)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	244962
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Wolfram Schlich <wschlich@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 244962 depends on:			Show dependency tree
Bug 244962 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-10-30 13:41 0000

I've just bumped dovecot to 1.1.6.
excerpt from the 1.1.6 release notes:
--8<--
The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.
--8<--

------- Comment #1 From Christian Hoffmann 2008-10-30 14:33:17 0000 -------

Thanks. Setting whiteboard and CC'ing arches...

Arches, please test and mark stable
  =net-mail/dovecot-1.1.6
Target keywords: alpha amd64 ppc sparc x86

------- Comment #2 From Markus Meier 2008-11-01 23:58:09 0000 -------

amd64/x86 stable

------- Comment #3 From Tobias Scherbaum 2008-11-02 10:35:45 0000 -------

ppc stable

------- Comment #4 From Stefan Behte 2008-11-04 08:36:34 0000 -------

alpha, sparc: *ping*

------- Comment #5 From Raúl Porcel 2008-11-06 09:11:36 0000 -------

alpha/sparc stable

------- Comment #6 From Tobias Heinlein 2008-11-08 09:52:23 0000 -------

Ready for vote, I vote YES.

------- Comment #7 From Robert Buchholz 2008-11-09 13:06:07 0000 -------

YES too, filed.

------- Comment #8 From Tobias Heinlein 2008-12-15 13:54:28 0000 -------

GLSA 200812-16, thanks everyone, sorry about the delay.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 244962

net-mail/dovecot < 1.1.6: Permanent DoS w/ broken mail headers (CVE-2008-4907)

Last modified: 2008-12-15 13:54:28 0000