On 11.04.2017 11:04, Apollon Oikonomopoulos wrote:
> Hi,
>
> On 09:00 Tue 11 Apr , Salvatore Bonaccorso wrote:
>> So the problem is present, and was a quite bad mistake on my end. Aki
>> tracked it down, and although the patch applies back to 2.2.10 the
>> vulnerability itself was only introd
Hi,
On 09:00 Tue 11 Apr , Salvatore Bonaccorso wrote:
> So the problem is present, and was a quite bad mistake on my end. Aki
> tracked it down, and although the patch applies back to 2.2.10 the
> vulnerability itself was only introduced with
> https://github.com/dovecot/core/commit/a3783f8a3c
Hi Apollon,
On Tue, Apr 11, 2017 at 09:12:38AM +0300, Apollon Oikonomopoulos wrote:
> Hi Salvatore,
>
> On 06:33 Tue 11 Apr , Salvatore Bonaccorso wrote:
> > Timo and Aki, attached is the patch used for the version in Debian
> > Jessie.
> >
> > Did I misss something obvious with backporting
On 11.04.2017 07:33, Salvatore Bonaccorso wrote:
> Hi Nick,
>
> On Tue, Apr 11, 2017 at 01:19:11AM +0100, Nick Thomas wrote:
>> Hi,
>>
>> dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
>> longer interprets placeholders like %u in the keys even once.
>>
>> The referenced com
Hi Salvatore,
On 06:33 Tue 11 Apr , Salvatore Bonaccorso wrote:
> Timo and Aki, attached is the patch used for the version in Debian
> Jessie.
>
> Did I misss something obvious with backporting the commit to 2.2.13?
>
> Regards,
> Salvatore
> From 30feb7a30f193197f1aab8a7b04a26b42735 Mo
Hi Nick,
On Tue, Apr 11, 2017 at 01:19:11AM +0100, Nick Thomas wrote:
> Hi,
>
> dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
> longer interprets placeholders like %u in the keys even once.
>
> The referenced commit claims to prevent double-parsing in a situation
> like t
Hi,
dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
longer interprets placeholders like %u in the keys even once.
The referenced commit claims to prevent double-parsing in a situation
like this:
username: fo...@example.com
config file:
```
key userdb {
key = userdb/%u
7 matches
Mail list logo