[Dovecot] SA54438
Timo Sirainen
tss at iki.fi
Wed Aug 14 13:14:17 EEST 2013
http://secunia.com/advisories/54438/
Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):
This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump.
More information about the dovecot
mailing list