[Dovecot-news] [Dovecot] v2.2.7 released
    Timo Sirainen 
    tss at iki.fi
       
    Sun Nov  3 22:52:06 EET 2013
    
    
  
On 3.11.2013, at 22.08, Timo Sirainen <tss at iki.fi> wrote:
> 	* Some usage of passdb checkpassword could have been exploitable by
> 	  local users. You may need to modify your setup to keep it working.
> 	  See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
Oh, forgot to mention here: This problem was found by the cPanel people (cPanel uses checkpassword). They also reserved CVE-2013-6171 for this.
    
    
More information about the Dovecot-news
mailing list