| Summary: | <net-mail/dovecot-2.2.5: POP3 "LIST" Command Handling Denial of Service Vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
| Component: | [OLD] Keywording and Stabilization | Assignee: | Eray Aslan <eras> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | net-mail+disabled |
| Priority: | Normal | Keywords: | STABLEREQ |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/54438/ | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
@security: Please stabilize =net-mail/dovecot-2.2.5. Thank you.

(In reply to Eray Aslan from comment #1)
> @security: Please stabilize =net-mail/dovecot-2.2.5. Thank you.

Arches do stabilization, not security.

Arches, please test and mark stable:
=net-mail/dovecot-2.2.5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

As per http://www.openwall.com/lists/oss-security/2013/08/14/6 is not a security bug, but we can stabilize to address the issue.

amd64 stable

x86 stable

arm stable

ppc stable

ia64 stable

alpha stable

ppc64 stable

sparc stable

SH is not anymore a stable arch, removing it from the cc list

S390 is not anymore a stable arch, removing it from the cc list
From ${URL} :

Description

A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling a terminated client connection during the "LIST" command processing and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 2.2.5.

Solution:
Update to version 2.2.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.dovecot.org/list/dovecot-news/2013-August/000261.html

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.