mailing list archives
CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 3 Dec 2012 10:33:41 -0700
Could a CVE be assigned for the following please?
Dovecot 2.1.11 was released and includes a fix for a crash condition
when the IMAP server was issued a SEARCH command with multiple KEYWORD
parameters. An authenticated remote user could use this flaw to crash
The upstream fix was to remove the keyword merging code. This code
does not exist in Dovecot 1.x, but it does affect 2.x versions, at least
as far back as 2.0.9 (earliest version I checked).
Vincent Danen / Red Hat Security Response Team
- CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 03)