Bug 314103 - Please stabilize =net-mail/dovecot-1.2.8
Summary: Please stabilize =net-mail/dovecot-1.2.8
Status: RESOLVED DUPLICATE of bug 314533
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Net-Mail Packages
Keywords: STABLEREQ
Reported: 2010-04-09 12:46 UTC by Eray Aslan
Modified: 2012-02-24 22:20 UTC
Description Eray Aslan gentoo-dev 2010-04-09 12:46:41 UTC
CVE-2009-3897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3897):
  Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of
  certain directories at installation time, which allows local users to
  access arbitrary user accounts by replacing the auth socket, related
  to the parent directories of the base_dir directory, and possibly the
  base_dir directory itself.


net-mail/dovecot-1.2.8 in the tree since 02 Dec 2009.  No significant bugs.

Arches, please test and mark stable:
=net-mail/dovecot-1.2.8
Target keywords : "alpha amd64 ppc sparc x86"

Reproducible: Always
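
As an added illustration of the CVE description above (not part of the bug report, and not Gentoo's or Dovecot's own code), this shell function walks from a runtime directory such as Dovecot's base_dir up through its parents and flags any that are writable by other users. The function name `audit_dir_chain` and the example path are assumptions.

```shell
#!/bin/sh
# Added example: audit a daemon runtime directory and its parents for
# "other"-writable permissions. Names and paths here are assumptions.

# audit_dir_chain DIR [STOP]
# Prints one line per other-writable directory between DIR and STOP
# (default /). Returns 0 if none, 1 if any, 2 if DIR or STOP is unusable.
audit_dir_chain() {
    # Resolve to physical absolute paths so symlinks cannot hide a parent.
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "cannot access: $1" >&2
        return 2
    }
    stop=$(CDPATH= cd -- "${2:-/}" 2>/dev/null && pwd -P) || {
        echo "cannot access: $2" >&2
        return 2
    }
    findings=0
    while :; do
        # -perm -0002 matches when the other-write bit is set.
        if [ -n "$(find "$dir" -prune -perm -0002 -print)" ]; then
            findings=$((findings + 1))
            # -perm -1000 matches the sticky bit (rename/unlink restricted).
            if [ -n "$(find "$dir" -prune -perm -1000 -print)" ]; then
                echo "WARN other-writable (sticky): $dir"
            else
                echo "FAIL other-writable: $dir"
            fi
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use, e.g.: sh audit.sh /var/run/dovecot   (path is an assumption)
if [ "$#" -gt 0 ]; then
    audit_dir_chain "$@"
fi
```

A non-zero exit status means at least one directory in the chain needs its mode tightened before the daemon's sockets can be trusted.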
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-09 17:43:45 UTC
Shouldn't we better stabilize a newer version, e.g. 1.2.11-r1?

net-mail: do as you wish.
Comment 2 Eray Aslan gentoo-dev 2010-04-09 18:47:17 UTC
* dovecot-1.2.{8,9,10,11} do not have any security vulnerabilities.  As long as we are at >=dovecot-1.2.8 we are good security-wise.
* dovecot-1.2.11-r1 was committed to the tree 2 days ago.  I'd prefer to wait a bit before asking for stabilization (30 days?).
* >dovecot-1.2.8 is missing the ~ppc keyword.  bug #313787.

Please stabilize =net-mail/dovecot-1.2.8.  Thank you.
Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-04-14 14:41:34 UTC
Thanks for working on dovecot, Eray. I rely on this application. Since we don't need two stablereqs open, I will mark this as a dupe of bug 314533.

An open invite to email me if you need something done urgently and patrick is not around.

*** This bug has been marked as a duplicate of bug 314533 ***