[Dovecot] SA54438

Timo Sirainen tss at iki.fi
Wed Aug 14 13:14:17 EEST 2013


http://secunia.com/advisories/54438/

Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):

This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump.



More information about the dovecot mailing list