List: oss-security
Subject: Re: [oss-security] CVE-identifier request for Dovecot ACL security
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-09-16 20:11:55
Message-ID: 14109729.256731284667915233.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2010-3304
Thanks.
--
JB
----- "Henri Salo" <henri@nerv.fi> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can I get CVE-identifier for this issue?
>
> "This release fixes a bug in ACL plugin, which could be considered a
> security bug: If Maildir is used with default settings (INBOX is same
> as Maildir root dir) and user set some ACLs to INBOX, those ACLs were
> copied to all newly created mailboxes. This should have been done only
> for "default ACLs", but with Maildir the INBOX directory is the same as
> the default ACL directory, so this mixup happened. This bug exists only
> in v1.2.x releases."
>
> URL to announcement:
> http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
>
> Please note that this is different issue than: CVE-2010-0745
>
> Best regards,
> Henri Salo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkySVTEACgkQXf6hBi6kbk9r9wCgs6z72LRTcywrsWIPtRiAR/R0
> fxcAoLQuYxA3NDFPsUiUhe7uTBm6c5xI
> =nWSw
> -----END PGP SIGNATURE-----