
List:       oss-security
Subject:    Re: [oss-security] CVE-identifier request for Dovecot ACL security
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-09-16 20:11:55
Message-ID: 14109729.256731284667915233.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-3304

Thanks.

-- 
    JB


----- "Henri Salo" <henri@nerv.fi> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Can I get a CVE identifier for this issue?
> 
> "This release fixes a bug in ACL plugin, which could be considered a
> security bug: If Maildir is used with default settings (INBOX is same
> as Maildir root dir) and user set some ACLs to INBOX, those ACLs were
> copied to all newly created mailboxes. This should have been done only
> for "default ACLs", but with Maildir the INBOX directory is the same as
> the default ACL directory, so this mixup happened. This bug exists only
> in v1.2.x releases."
> 
> URL to announcement:
> http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
> 
> Please note that this is a different issue than: CVE-2010-0745
> 
> Best regards,
> Henri Salo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> 
> iEYEARECAAYFAkySVTEACgkQXf6hBi6kbk9r9wCgs6z72LRTcywrsWIPtRiAR/R0
> fxcAoLQuYxA3NDFPsUiUhe7uTBm6c5xI
> =nWSw
> -----END PGP SIGNATURE-----