[Dovecot] Dovecot (unofficial) patches
egbert at vandenbussche.nl
Sun Nov 19 11:20:15 UTC 2006
As a recent dovecot addict, I'm a bit puzzled by the sheer amount of
patches available. I have not seen the history of these patches and I
could not find a README explainng the patches. Are all these personal
wishes/nice to have things or are they (to be) incorporated in
I use rpmbuild to create new rpms from the latest tarball but in that
process still several patches are included during the build. I wonder if
they are still needed in rc15. I use the orignal spec file (the latest I
could find) was created for rc7 and in there I see:
Seems to be to change the order of ./Mail before ./mail
Overview from CVE db:Directory traversal vulnerability in Dovecot 1.0 beta
and 1.0 allows remote attackers to list files and directories under the
mbox parent directory and obtain mailbox names via ".." sequences in the
(1) LIST or (2) DELETE IMAP command.
I'm not a spec file wizard, so I change as less as possible. Unfortunately
the maintainer (Jerome Soyer) has never responded to my emails.
My server runs Mandriva Official 2007.0 and Postfix 2.3.3 and dovecot rc14
(will move to rc15 soon).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3834 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20061119/da161707/attachment-0001.bin
More information about the dovecot