[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fwd: [SECURITY] [DSA 2954-1] dovecot security update


is someone planning to fix that issue in squeeze-backports?

although i read most of the mails on the debian-lts-related mailing
lists and searched the wiki, i couldn't find information on how security
issues with packages in squeeze-backports will be handled.

perhaps worth adding the answer to that there?


Andreas Ziegler

-------- Original-Nachricht --------
Betreff: [SECURITY] [DSA 2954-1] dovecot security update
Weitersenden-Datum: Mon,  9 Jun 2014 18:02:51 +0000 (UTC)
Weitersenden-Von: debian-security-announce@lists.debian.org
Datum: Mon, 09 Jun 2014 18:02:29 +0000
Von: Salvatore Bonaccorso <carnil@debian.org>
Antwort an: debian-security@lists.debian.org
An: debian-security-announce@lists.debian.org

Debian Security Advisory DSA-2954-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
June 09, 2014                          http://www.debian.org/security/faq

Package        : dovecot
CVE ID         : CVE-2014-3430
Debian Bug     : 747549

It was discovered that the Dovecot email server is vulnerable to a
denial of service attack against imap/pop3-login processes due to
incorrect handling of the closure of inactive SSL/TLS connections.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.7-7+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 1:2.2.13~rc1-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.2.13~rc1-1.

We recommend that you upgrade your dovecot packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Reply to: