Package: dovecot Severity: grave Tags: security Justification: user security hole
This entry from http://www.dovecot.org/list/dovecot-news/2012-November/000235.html was assigned CVE-2012-5620: > imap: Fixed crash when SEARCH contained multiple KEYWORD parameters. Fix: http://hg.dovecot.org/dovecot-2.1/rev/0306792cc843 The posting on oss-security claims 1.2 doesn't contain the affected code: http://seclists.org/oss-sec/2012/q4/395 However, mail_search_keywords_merge() also exists in 1.2.15 from Squeeze, so this needs further investigation or clarification from upstream. Cheers, Moritz _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
