package: dovecot-common version: 1:1.0.15-2.3 severity: important tags: security upstream
The CMU Sieve plugin for Dovecot v1.0/v1.1 is based on the Cyrus Sieve library. As described in DSA 1881-1¹ there was a vulnerability. Timo Sirainen has announced² the availability of the bug fixed versions v1.1.7 for Dovecot v1.1 and v1.0.4 for Dovecot v1.0. This affects also dovecot-common 1.0.rc15-2etch4 in oldstable and dovecot-common 1:1.0.15-2.3~bpo40+1 etch-backports. This security hole does not exits in new Sieve implementation, from Stephan Bosch, for Dovecots v1.2 series. Regards, Pascal -- 1 = http://www.debian.org/security/2009/dsa-1881 2 = http://dovecot.org/list/dovecot-news/2009-September/000135.html -- Ubuntu is an ancient African word meaning “I can’t install Debian.” -- unknown -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
