[Bug 290901] [NEW] Update to 1.1.6 - important fix for broken header parser

Mathias Gug mathiaz at ubuntu.com
Wed Oct 29 23:04:34 GMT 2008

Public bug reported:

Dovecot 1.1.6 has just be released fixing an important bug:

The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.

	+ dovecot -n and -a now prints some system information at the top.
	+ More error/debug message logging improvements.
	- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
	  commands in the same IP packet.
	- Parsing an invalid message address like "From: (" caused an
	  assert-crash in v1.1.4 and v1.1.5.
	- Folding whitespace wasn't handled correctly inside quoted-strings,
	  causing some messages to be parsed incorrectly.
	- mbox: Fixed saving messages that begin with a valid From_-line.

Only intrepid is affected.

** Affects: dovecot (Ubuntu)
     Importance: High
         Status: New

** Affects: dovecot (Ubuntu Intrepid)
     Importance: High
         Status: New

** Changed in: dovecot (Ubuntu Intrepid)
   Importance: Undecided => High

Update to 1.1.6 - important fix for broken header parser
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

More information about the Ubuntu-server-bugs mailing list