Not a security hole. A user can crash his/her own session. As bad as issuing a 
LOGOUT command. Completely pointless CVE.

On 4.12.2012, at 17.04, Moritz Muehlenhoff wrote:

> Package: dovecot
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> This entry from 
> http://www.dovecot.org/list/dovecot-news/2012-November/000235.html
> was assigned CVE-2012-5620:
> 
>> imap: Fixed crash when SEARCH contained multiple KEYWORD parameters.
> 
> Fix:
> http://hg.dovecot.org/dovecot-2.1/rev/0306792cc843
> 
> The posting on oss-security claims 1.2 doesn't contain the affected code:
> http://seclists.org/oss-sec/2012/q4/395
> 
> However, mail_search_keywords_merge() also exists in 1.2.15 from Squeeze, so
> this needs further investigation or clarification from upstream.
> 
> Cheers,
>        Moritz
> 

