Source: dovecot
Version: 1:2.2.13-1
Severity: normal
Tags: upstream fixed-upstream

Hi,

With the fix for CVE-2014-3430 applied, on failed authentication and
then logout from dovecot, BYE and LOGOUT replies are not sent
anymore.

# openssl s_client -connect 127.0.0.1:993
[...]
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
a login foo bar
a NO [AUTHENTICATIONFAILED] Authentication failed.
b logout
closed
#

Upstream has addressed this after the 2.2.13 release with [1]. But
note this introduced a regression[2] and needs at least two further
commits to be resolved[3,4,5].

 [1] http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
 [2] http://dovecot.org/list/dovecot/2014-June/096528.html
 [3] http://dovecot.org/list/dovecot/2014-June/096543.html
 [4] http://hg.dovecot.org/dovecot-2.2/rev/7129fe8bc260
 [5] http://hg.dovecot.org/dovecot-2.2/rev/5259f6320e52

Regards,
Salvatore

