[Backports-security-announce] Security Update for dovecot
Marco Nenciarini uploaded new packages for dovecot which fix the
following security problem:
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of
certain directories at installation time, which allows local users to
access arbitrary user accounts by replacing the auth socket, related
to the parent directories of the base_dir directory, and possibly the
base_dir directory itself.
For the lenny-backports distribution the problems have been fixed in
If you don't use pinning (see ) you have to update the package
manually via "apt-get -t lenny-backports install dovecot-common
dovecot-imapd dovecot-pop3d" with the packagelist of your installed
packages affected by this update.
We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.
Pin: release a=lenny-backports