On Mon, 23 Nov 2009, Soeren Sonnenburg wrote:

Package: dovecot
Severity: critical
Tags: security

from http://www.dovecot.org/list/dovecot-news/2009-November/000143.html

This is mainly to fix the 0777 base_dir creation issue, which could be
considered a security hole, exploitable by local users. An attacker
could for example replace Dovecot's auth socket and log in as other
users. Gaining root privileges isn't possible though.

This affects only v1.2 users, v1.1 and older versions were creating the
directory with 0755 permission.


Thanks for the heads up.  I am in the process of packaging this version.

Security team:

We were going to take this opportunity to migrate to the 3.0 (quilt) format. Is this likely to cause problems for you? Would you prefer we waited until after this upload?

--
Jaldhar H. Vyas <[email protected]>

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
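As an added illustration (not part of the original thread, and not Dovecot's or Debian's code), the Python sketch below audits a runtime directory for the permission problem described in the quoted announcement. The function names are hypothetical, and the path `/var/run/dovecot` is an assumed location that should be replaced with the configured `base_dir`.

```python
import os
import stat
import sys

def audit_dir(path):
    """Return findings for one directory; an empty list means no issue found."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, not a real directory"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    # Write permission on a directory allows unlinking and recreating its
    # entries (for example a socket) unless the sticky bit restricts deletion.
    if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
        return [f"{path}: mode {mode:04o} is world-writable without sticky bit"]
    return []

def audit_chain(path):
    """Audit path and every ancestor directory up to the filesystem root."""
    findings = []
    current = os.path.abspath(path)
    while True:
        findings.extend(audit_dir(current))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

def list_sockets(path):
    """Return (name, uid, mode) for each UNIX socket directly inside path."""
    result = []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISSOCK(st.st_mode):
            result.append((entry.name, st.st_uid, stat.S_IMODE(st.st_mode)))
    return result

if __name__ == "__main__":
    # Assumed path; pass the real base_dir as the first argument.
    base_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/run/dovecot"
    if not os.path.lexists(base_dir):
        sys.exit(f"{base_dir}: does not exist")
    for finding in audit_chain(base_dir):
        print("FINDING:", finding)
    for name, uid, mode in list_sockets(base_dir):
        print(f"socket {name}: uid={uid} mode={mode:04o}")
```

Any finding on `base_dir` itself corresponds to the 0777 case in the announcement; the socket listing is there so the owner and mode of each socket can be compared against what the local configuration expects.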
