[Dovecot] v1.1.6 released

Adam McDougall mcdouga9 at egr.msu.edu
Wed Nov 19 17:56:53 EET 2008

Just wanted to mention that 1.1.6 seems fine so far in our testing, and 
I think the lack of reported problems on the mailing list is probably a 
very good sign!

Timo Sirainen wrote:
> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz
> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig
> The invalid message address parsing bug is pretty important since it
> allows a remote user to send broken mail headers and prevent the
> recipient from accessing the mailbox afterwards, because the process
> will always just crash trying to parse the header. This is assuming that
> the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
> doesn't affect versions older than v1.1.4.
> 	+ dovecot -n and -a now prints some system information at the top.
> 	+ More error/debug message logging improvements.
> 	- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
> 	  commands in the same IP packet.
> 	- Parsing an invalid message address like "From: (" caused an
> 	  assert-crash in v1.1.4 and v1.1.5.
> 	- Folding whitespace wasn't handled correctly inside quoted-strings,
> 	  causing some messages to be parsed incorrectly.
> 	- mbox: Fixed saving messages that begin with a valid From_-line.

More information about the dovecot mailing list