Bug 368653 - <net-mail/dovecot-{1.2.17,2.0.13}: Multiple Vulnerabilities (CVE-2010-{3304,3706,3707,3779,3780},CVE-2011-{1929,2166,2167})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2011-05-25 06:25 UTC by Benedikt Böhm (RETIRED)
Modified: 2011-10-10 20:25 UTC (History)
Description Benedikt Böhm (RETIRED) gentoo-dev 2011-05-25 06:25:32 UTC
CVE-2011-1929: lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.

CVE-2011-2166: script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
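Added example, not part of the original bug report or of Dovecot's code: a small pre-delivery check that flags raw messages whose header names contain a NUL byte, the input condition named in CVE-2011-1929. The function names and both sample messages are constructed for illustration.

```python
"""Flag raw RFC 5322 messages whose header names contain NUL bytes."""


def header_names(raw: bytes):
    """Yield (line_number, name_bytes) for each header field in raw.

    Parsing stops at the first empty line, which ends the header block.
    Lines starting with space or tab are folded continuations of the
    previous field and carry no name of their own.
    """
    for lineno, line in enumerate(raw.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if line == b"":
            return                      # blank line: the body starts here
        if line[:1] in (b" ", b"\t"):
            continue                    # folded continuation line
        if lineno == 1 and line.startswith(b"From "):
            continue                    # mbox separator line, not a header
        name, sep, _value = line.partition(b":")
        # A line with no colon is malformed; report it whole as the "name".
        yield lineno, (name if sep else line)


def nul_header_names(raw: bytes):
    """Return [(line_number, name)] for header names containing NUL."""
    return [(n, name) for n, name in header_names(raw) if b"\x00" in name]


# Constructed sample: NUL appears only in the body, so nothing is flagged.
CLEAN = b"From: a@example.org\r\nSubject: hi\r\n folded\r\n\r\nbody\x00: x\r\n"

# Constructed sample: NUL inside a header *name* on line 2. The NUL in the
# Subject *value* on line 3 is deliberately not reported by this check.
CRAFTED = (b"From: a@example.org\r\nX-Te\x00st: 1\r\n"
           b"Subject: a\x00b\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("crafted", CRAFTED)):
        hits = nul_header_names(msg)
        print(label, "->", hits if hits else "no NUL in header names")
```

Such a check can run in a content filter or over a quarantine directory on hosts that have not yet been upgraded to the fixed versions listed in this bug.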
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-05-25 15:21:12 UTC
@net-mail and Eray, looks like both 1.2.17 and 2.0.13 are fixed and in the tree. Can we move forward with stabilization of one of those versions? Thanks!
Comment 2 Eray Aslan gentoo-dev 2011-05-25 19:02:26 UTC
We should stabilize both net-mail/dovecot-1.2.17 and net-mail/dovecot-2.0.13.  There are still some users who prefer to stick with dovecot-1.2 branch.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-05-25 19:05:19 UTC
(In reply to comment #2)
> We should stabilize both net-mail/dovecot-1.2.17 and net-mail/dovecot-2.0.13. 
> There are still some users who prefer to stick with dovecot-1.2 branch.

Sounds good, thank you.

Arches, please test and mark stable:
=net-mail/dovecot-2.0.13
Target keywords : "alpha amd64 arm ppc sparc x86"

=net-mail/dovecot-1.2.17
Target keywords : "alpha amd64 arm ppc sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-05-25 19:21:13 UTC
both work on amd64
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-05-26 11:38:17 UTC
x86 stable
Comment 6 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-05-27 06:53:19 UTC
ppc stable
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-05-27 10:02:46 UTC
amd64 done. Thanks Agostino
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2011-05-28 17:01:15 UTC
alpha/arm/sparc stable
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-05-28 17:14:07 UTC
Thanks, everyone. GLSA Vote: yes.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 16:57:05 UTC
CVE-2011-2167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2167):
  script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot
  configuration setting, which might allow remote authenticated users to
  conduct directory traversal attacks by leveraging a script.

CVE-2011-2166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2166):
  script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and
  group configuration settings, which might allow remote authenticated users
  to bypass intended access restrictions by leveraging a script.

CVE-2011-1929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1929):
  lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x
  before 2.0.13 does not properly handle '\0' characters in header names,
  which allows remote attackers to cause a denial of service (daemon crash or
  mailbox corruption) via a crafted e-mail message.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:27:41 UTC
CVE-2010-3304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3304):
  The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly
  created mailboxes in certain configurations, which might allow remote
  attackers to read mailboxes that have unintended weak ACLs.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:28:13 UTC
CVE-2010-3779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3779):
  Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
  permission to the owner of each mailbox in a non-public namespace, which
  might allow remote authenticated users to bypass intended access
  restrictions by changing the ACL of a mailbox, as demonstrated by a
  symlinked shared mailbox.

CVE-2010-3707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3707):
  plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x
  before 2.0.5 interprets an ACL entry as a directive to add to the
  permissions granted by another ACL entry, instead of a directive to replace
  the permissions granted by another ACL entry, in certain circumstances
  involving more specific entries that occur after less specific entries,
  which allows remote authenticated users to bypass intended access
  restrictions via a request to read or modify a mailbox.

CVE-2010-3706 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3706):
  plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x
  before 2.0.5 interprets an ACL entry as a directive to add to the
  permissions granted by another ACL entry, instead of a directive to replace
  the permissions granted by another ACL entry, in certain circumstances
  involving the private namespace of a user, which allows remote authenticated
  users to bypass intended access restrictions via a request to read or modify
  a mailbox.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:24:46 UTC
CVE-2010-3780 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3780):
  Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a
  denial of service (master process outage) by simultaneously disconnecting
  many (1) IMAP or (2) POP3 sessions.
Comment 14 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:46:10 UTC
Vote: YES. Added to pending GLSA request.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-10-10 20:25:26 UTC
This issue was resolved and addressed in
 GLSA 201110-04 at http://security.gentoo.org/glsa/glsa-201110-04.xml
by GLSA coordinator Stefan Behte (craig).