[Dovecot] Dovecot (unofficial) patches
Egbert Jan
egbert at vandenbussche.nl
Sun Nov 19 11:20:15 UTC 2006
Dear list,
As a recent dovecot addict, I'm a bit puzzled by the sheer amount of
patches available. I have not seen the history of these patches and I
could not find a README explainng the patches. Are all these personal
wishes/nice to have things or are they (to be) incorporated in
dovecot-final?
I use rpmbuild to create new rpms from the latest tarball but in that
process still several patches are included during the build. I wonder if
they are still needed in rc15. I use the orignal spec file (the latest I
could find) was created for rc7 and in there I see:
Patch2 dovecot-0.99.10-mbox-patch
Seems to be to change the order of ./Mail before ./mail
Patch3 dovecot-CVE-2006-2414
Overview from CVE db:Directory traversal vulnerability in Dovecot 1.0 beta
and 1.0 allows remote attackers to list files and directories under the
mbox parent directory and obtain mailbox names via ".." sequences in the
(1) LIST or (2) DELETE IMAP command.
I'm not a spec file wizard, so I change as less as possible. Unfortunately
the maintainer (Jerome Soyer) has never responded to my emails.
My server runs Mandriva Official 2007.0 and Postfix 2.3.3 and dovecot rc14
(will move to rc15 soon).
TNX
EgbertJan (NL)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3834 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20061119/da161707/attachment-0001.bin
More information about the dovecot
mailing list