[SECURITY] Fedora 10 Update: dovecot-1.1.18-2.fc10
updates at fedoraproject.org
updates at fedoraproject.org
Tue Sep 15 07:41:57 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9559
2009-09-15 06:22:55
--------------------------------------------------------------------------------
Name : dovecot
Product : Fedora 10
Version : 1.1.18
Release : 2.fc10
URL : http://www.dovecot.org/
Summary : Dovecot Secure imap server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.
The SQL drivers and authentication plugins are in their subpackages.
--------------------------------------------------------------------------------
Update Information:
dovecot-sieve updated to 1.1.7 It is derived from CMU sieve used by cyrus-
imapd and was affected by CVE-2009-2632 too. See upstream announcement for
further details: http://dovecot.org/list/dovecot-
news/2009-September/000135.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.18-2
- dovecot-sieve updated to 1.1.7
- fixes bug similar to CVE-2009-2632 (buffer overflow)
* Wed Jul 29 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.18-1
- updated to 1.1.18
- Maildir++ quota: Quota was sometimes updated wrong when it was
being recalculated.
- Searching quoted-printable message body internally converted "_"
characters to spaces and didn't match search keys with "_".
* Mon Jul 13 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.17-1
- updated to 1.1.17
- IMAP: Don't crash if IDLE command is pipelined after a long-running
UID FETCH or UID SEARCH.
- mbox: Don't write garbage to mbox if message doesn't have a body.
- Maildir: Fixed using in-memory indexes when some required directory
was missing.
- auth: Don't assert-crash if trying to log in as master user but
with empty login username.
- Several fixes to expire plugin / expire-tool
- managesive updated: improved handling of script truncation
bugs: connection is now closed
* Wed Jun 3 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.16-1
- updated to 1.1.16
* Fri May 22 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.15-1
- updated to 1.1.15
* Wed Feb 11 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.14-1
- updated to 1.1.14
* Wed Feb 11 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.11-1
- updated to 1.1.11
- IMAP: PERMANENTFLAGS list didn't contain \*, causing some clients
not to save keywords.
- auth: Using "username" or "domain" passdb fields caused problems
with cache and blocking passdbs in v1.1.8 .. v1.1.10.
- userdb prefetch + blocking passdbs was broken with non-plaintext
auth in v1.1.8 .. v1.1.10.
* Tue Jan 27 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.10-1
- update dovecot to 1.1.10
- added managesieve support
* Thu Jan 8 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:1.1.8-1
- update dovecot to 1.1.8 (Resolves: #475848)
- update dovecot sieve plugin to 1.1.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #521010 - cyrus-imapd: buffer overflow in cyrus sieve
https://bugzilla.redhat.com/show_bug.cgi?id=521010
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list