Your message dated Wed, 12 Dec 2012 18:52:05 +0100 with message-id <20121212175205.gb19...@inutil.org> and subject line Re: Bug#695138: dovecot: CVE-2012-5620 has caused the Debian Bug report #695138, regarding dovecot: CVE-2012-5620 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695138: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: dovecot Severity: grave Tags: security Justification: user security hole This entry from http://www.dovecot.org/list/dovecot-news/2012-November/000235.html was assigned CVE-2012-5620: > imap: Fixed crash when SEARCH contained multiple KEYWORD parameters. Fix: http://hg.dovecot.org/dovecot-2.1/rev/0306792cc843 The posting on oss-security claims 1.2 doesn't contain the affected code: http://seclists.org/oss-sec/2012/q4/395 However, mail_search_keywords_merge() also exists in 1.2.15 from Squeeze, so this needs further investigation or clarification from upstream. Cheers, Moritz
--- End Message ---
--- Begin Message ---On Tue, Dec 04, 2012 at 05:59:37PM +0200, Timo Sirainen wrote: > Not a security hole. A user can crash his/her own session. As bad as issuing > a LOGOUT command. Completely pointless CVE. Closing. This CVE ID will be rejected. Cheers, Moritz
--- End Message ---
