[Dovecot] 1.0beta3 released

Timo Sirainen tss at iki.fi
Fri Feb 17 01:14:51 EET 2006

On 16.2.2006 21:43, "Josh Bressers" <bressers at redhat.com> wrote:

> I'm not on subscribed to the list, so please CC me on any replies.
>> - Fixed potential hangs after APPEND command

This isn't security related at all. Guess I should have used different

>> - Fixed potential crashes in dovecot-auth and imap/pop3-login
> These two issue have been assigned the CVE id CVE-2006-0730.  I've not
> taken a look through CVS yet, but I was wondering if someone can point me
> at some commits as the various distributions will be interested in
> backporting these fixes to any affected versions of dovecot shipped.

These problems aren't in 0.99.x versions.

Dovecot-auth crash exists in 1.0beta1 and beta2 versions, fixed by commit:

2006-01-28 21:09  Timo Sirainen <tss at iki.fi>

    * src/auth/auth-request-handler.c: If authentication client
      disconnects while it still has pending requests, don't crash (got
      broken in the large pointer-change commit).

Imap/pop3-login crash exists in 1.0test33, 1.0beta2 and everything between
them. Fixed by commit:

2006-01-28 21:47  Timo Sirainen <tss at iki.fi>

    * src/: imap-login/client-authenticate.c, imap-login/client.c,
      pop3-login/client-authenticate.c, pop3-login/client.c: If client
      disconnected while we were trying to send authentication
      continuation to it, we crashed.

Patches in:


More information about the dovecot mailing list