[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for dovecot

Marco Nenciarini uploaded new packages for dovecot which fixed the
following security problems:

CVE not assigned jet
  Fetching a message with a huge header could have resulted in Dovecot
  eating a lot of CPU. An evil attacker could cause a DoS by sending
  forged messages.

For the lenny-backports distribution the problems have been fixed in
version 1:1.2.11-1~bpo50+1

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new
versions of installed  backports will be installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: