Public bug reported:
Dovecot 1.1.6 has just be released fixing an important bug:
The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.
+ dovecot -n and -a now prints some system information at the top.
+ More error/debug message logging improvements.
- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
commands in the same IP packet.
- Parsing an invalid message address like "From: (" caused an
assert-crash in v1.1.4 and v1.1.5.
- Folding whitespace wasn't handled correctly inside quoted-strings,
causing some messages to be parsed incorrectly.
- mbox: Fixed saving messages that begin with a valid From_-line.
Only intrepid is affected.
** Affects: dovecot (Ubuntu)
Importance: High
Status: New
** Affects: dovecot (Ubuntu Intrepid)
Importance: High
Status: New
** Changed in: dovecot (Ubuntu Intrepid)
Importance: Undecided => High
--
Update to 1.1.6 - important fix for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
