Fwd: [SECURITY] [DSA 2954-1] dovecot security update
Hi,
is someone planning to fix that issue in squeeze-backports?
although i read most of the mails on the debian-lts-related mailing
lists and searched the wiki, i couldn't find information on how security
issues with packages in squeeze-backports will be handled.
perhaps worth adding the answer to that there?
https://wiki.debian.org/LTS/FAQ
Regards
Andreas Ziegler
-------- Original-Nachricht --------
Betreff: [SECURITY] [DSA 2954-1] dovecot security update
Weitersenden-Datum: Mon, 9 Jun 2014 18:02:51 +0000 (UTC)
Weitersenden-Von: debian-security-announce@lists.debian.org
Datum: Mon, 09 Jun 2014 18:02:29 +0000
Von: Salvatore Bonaccorso <carnil@debian.org>
Antwort an: debian-security@lists.debian.org
An: debian-security-announce@lists.debian.org
-------------------------------------------------------------------------
Debian Security Advisory DSA-2954-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : dovecot
CVE ID : CVE-2014-3430
Debian Bug : 747549
It was discovered that the Dovecot email server is vulnerable to a
denial of service attack against imap/pop3-login processes due to
incorrect handling of the closure of inactive SSL/TLS connections.
For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.7-7+deb7u1.
For the testing distribution (jessie), this problem has been fixed in
version 1:2.2.13~rc1-1.
For the unstable distribution (sid), this problem has been fixed in
version 1:2.2.13~rc1-1.
We recommend that you upgrade your dovecot packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Reply to: