Package: dovecot-common
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for dovecot.

CVE-2008-4577[0]:
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights
| as if they are positive access rights, which allows attackers to
| bypass intended access restrictions.

CVE-2008-4578[1]:
| The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass
| intended access restrictions by using the "k" right to create
| unauthorized "parent/child/child" mailboxes.

The upstream announcement can be found here[2].
I don't think this warrants a DSA for etch and for lenny it could be
fixed via unstable migration.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
    http://security-tracker.debian.net/tracker/CVE-2008-4577
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
    http://security-tracker.debian.net/tracker/CVE-2008-4578
[2] http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

