*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):
Script names aren't checked for "/"-characters, so that virtual users can edit other users scripts by using a script name like "../../other_user/sieve/script". See here for more details and a patch: http://dovecot.org/list/dovecot/2008-November/035259.html ** Affects: dovecot (Ubuntu) Importance: Undecided Status: New ** Affects: dovecot (Debian) Importance: Unknown Status: Unknown -- Security hole in ManageSieve: Virtual users can edit scripts of other virtual users https://bugs.launchpad.net/bugs/307291 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
