ecot-1.2/rev/8ba4253adc9b
> http://hg.dovecot.org/dovecot-1.1/rev/fe0e6550585c
>
> The fix will be in v2.2.13. Maybe also in v2.1.18 if I decide to release it.
> For older releases you need to patch it yourself.
>
> For people who are using dovecot-ee releases the fix
OX was autocreated, leading to
> trouble with dsync.
> - script-login binary wasn't actually dropping privileges to the
> user/group/chroot specified by its service settings.
> - Fixed potential crashes and other problems when parsing header names
> that contained NUL characters.
Header NUL problem got assigned CVE-2011-1929.
Best regards,
Henri Salo
OX was autocreated, leading to
> trouble with dsync.
> - script-login binary wasn't actually dropping privileges to the
> user/group/chroot specified by its service settings.
> - Fixed potential crashes and other problems when parsing header names
> that contained NUL characters.
Should this get CVE-identifier? I can request it.
Best regards,
Henri Salo
