[Dovecot] v1.1.6 released
Adam McDougall
mcdouga9 at egr.msu.edu
Wed Nov 19 17:56:53 EET 2008
Just wanted to mention that 1.1.6 seems fine so far in our testing, and
I think the lack of reported problems on the mailing list is probably a
very good sign!
Timo Sirainen wrote:
> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz
> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig
>
> The invalid message address parsing bug is pretty important since it
> allows a remote user to send broken mail headers and prevent the
> recipient from accessing the mailbox afterwards, because the process
> will always just crash trying to parse the header. This is assuming that
> the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
> doesn't affect versions older than v1.1.4.
>
> + dovecot -n and -a now prints some system information at the top.
> + More error/debug message logging improvements.
> - pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
> commands in the same IP packet.
> - Parsing an invalid message address like "From: (" caused an
> assert-crash in v1.1.4 and v1.1.5.
> - Folding whitespace wasn't handled correctly inside quoted-strings,
> causing some messages to be parsed incorrectly.
> - mbox: Fixed saving messages that begin with a valid From_-line.
>
>
More information about the dovecot
mailing list