On Fri, 2009-09-11 at 12:20 +0200, Maciej Polewczyński wrote: > >> I have problem with deliver dying with signal 11. I'm using postfix + > >> dovecot devliver. If mailbox have many (100+) redirects in sieve or many > >> other sieve rules deliver died. I have tested this in debian etch + > >> dovecot 1.1.18 (compiled from sources) and debian lenny + dovecot 1.1.13 > >> from backports.
Interestingly enough this is because of the security hole in Cyrus libsieve that was recently found: https://bugzilla.redhat.com/show_bug.cgi?id=521010 And even more interesting is that I found at least one other really simple buffer overflow from the libsieve code. Wonder why I hadn't checked the libsieve code properly earlier.. So, Dovecot's fixes are here: http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628 I'll make new Dovecot Sieve releases and report the other new bug to Cyrus people..
signature.asc
Description: This is a digitally signed message part
