This problem is only present with versions 1.2.x and it's fixed in 1.2.11:
- mbox: Message header reading was unnecessarily slow. Fetching a
huge header could have resulted in Dovecot eating a lot of CPU.
Also searching messages was much slower than necessary.
- mbox, dbox, cydir: Mail root directory was created with 0770
permissions, instead of 0700.
- maildir: Reading uidlist could have ended up in an infinite loop.
- IMAP IDLE: v1.2.7+ caused extra load by checking changes every
0.5 seconds after a change had occurred in mailbox
Is it ok for version 1.2.11 to go stable?
dovecot-1.2.11-r1 is ready for stable.
Only concern is it was committed to the tree on April 7th and this is a minor issue.
Advice is welcome on gentoo policy whether this warrents foregoing "30 days before stabilization". Patrick?
(In reply to comment #1)
> Advice is welcome on gentoo policy whether this warrents foregoing "30 days
> before stabilization". Patrick?
Eray, security issues should not wait. I see there is also bug 314103.
Arches, please test and mark stable:
Target keywords : "alpha amd64 sparc x86"
*** Bug 314103 has been marked as a duplicate of this bug. ***
x86 team: Stable host, upgraded to 1.2.11-r1 with no issues in my mail setup.
stable x86, thanks Jeremy, interested in a position as x86 AT? :)
No problems so far on an amd64 platform
All arches done. Vote required, I vote NO.
arm has keyworded dovecot-1.2.11-r1 as well. Please stabilize too. Thanks.
(In reply to comment #12)
> arm has keyworded dovecot-1.2.11-r1 as well. Please stabilize too. Thanks.
The package was never stable, NACK.
What is happening with ppc? They are still stuck at 1.1.19
I've marked the ppc builds ~ppc. In a few days, I'll mark the requested ebuild ppc stable, quickly due to the security issue. Sorry for the delay.
Sorry, I forgot about this. Marked ppc stable.
I vote YES though.
GLSA Vote: Yes, with 286844.
This issue was resolved and addressed in
GLSA 201110-04 at http://security.gentoo.org/glsa/glsa-201110-04.xml
by GLSA coordinator Stefan Behte (craig).