Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#6958 - Warning on dovecot
Attached to Project:
Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Thursday, 19 April 2007, 12:39 GMT
Last edited by Paul Mattal (paul) - Friday, 04 May 2007, 05:22 GMT
Opened by DaNiMoTh (DaNiMoTh) - Thursday, 19 April 2007, 12:39 GMT
Last edited by Paul Mattal (paul) - Friday, 04 May 2007, 05:22 GMT
|
Details------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#25 ------------------------------------------------------------ Name: dovecot Date: 2007-04-19 Severity: Medium Warning #: 2007-#25 ------------------------------------------------------------ Product Background =================== Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind Problem Background - Impact =================== If zlib plugin was loaded, it was possible to open gzipped mbox files outside the user's mail directory. Problem Packages =================== Package: dovecot Repo: extra Group: network Unsafe: <= 1.0rc29 Safe: >=1.0rc29 On the dovecot home ( http://www.dovecot.org/ ) is out the 1.0.0 version, that contain patch for this bug. Package Fix =================== Upgrade to 1.0rc29 or 1.0.0 =================== Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html Reference(s) =================== http://dovecot.org/pipermail/dovecot-news/2007-March/000039.html |
This task depends upon
Closed by Paul Mattal (paul)
Friday, 04 May 2007, 05:22 GMT
Reason for closing: Fixed
Additional comments about closing: Updated to 1.0.0
Friday, 04 May 2007, 05:22 GMT
Reason for closing: Fixed
Additional comments about closing: Updated to 1.0.0
Comment by Andreas Radke (AndyRTR) -
Thursday, 26 April 2007, 21:33 GMT
x86_64 pkg updated