Re: [SECURITY] [DSA 2954-1] dovecot security update
Dovecot 1.2.15 seems to be affected [1]
Will the update be available for squeeze-lts?
Thanks,
Andrea Zwirner
[1] http://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe:/a:dovecot:dovecot:1.2.15
Sent from my Sylpheed
On Mon, 09 Jun 2014 18:02:29 +0000
Salvatore Bonaccorso <carnil@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2954-1 security@debian.org
> http://www.debian.org/security/ Salvatore Bonaccorso
> June 09, 2014 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : dovecot
> CVE ID : CVE-2014-3430
> Debian Bug : 747549
>
> It was discovered that the Dovecot email server is vulnerable to a
> denial of service attack against imap/pop3-login processes due to
> incorrect handling of the closure of inactive SSL/TLS connections.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 1:2.1.7-7+deb7u1.
>
> For the testing distribution (jessie), this problem has been fixed in
> version 1:2.2.13~rc1-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1:2.2.13~rc1-1.
>
> We recommend that you upgrade your dovecot packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJTlfRZAAoJEAVMuPMTQ89EnisP/26H2tVdVc2/oTdtLLIqWsOX
> 66SqlmpfX0hwggvyJcMur6plkYkxFX+Ezrmapz7Qte+qnFSIyEOI8xLw+DloAsHg
> qsWlZQkLcpOixbY0Xk9fziD+Hm+bv/2DauDx7IGMkto5TSumZybJWK0gbWbFuWkg
> 4dUnU77Nl/VBJoChG1mxx918m1RUdYMCM5/tSxNGB8Eg/hN2oRP3tx35kjnZzr74
> DAVbMTcp5I6uC4EhuEqGBiR05tkT4I4a5xJ1/hAO3jOXUjc6QSSu1qRGHhsQx7Am
> FYzaDDdSzqnj2Pu+aQuVMYFkWCDO65zw3avlOn5qPTiMzRSx1DmdUEJGIA6kGFyL
> gFu4Kew4U8tmsqPaCEV9YrhvD0rVGBzpTQGgc43Ud1Nd+RUN0sUpR2BM2eYKNt+p
> j/TH89ihdZE0xCct99gib20Qtzj2yv0FRqVeeIGXSaF2OXI/OLJOh0MHguKPCPIQ
> pj/+NV3BuX8uu57ogSGO+hm+kGAv+yaHi5bWpDpZpGKDKH1PtSi6oMPlUjubXZ+C
> cDORh91mFL8nFTcrMvYoSsRW6kBUsBI9uAeOhDjyPAolhADwzE+KJ2Ru1S3vtLyC
> 7EMccBgtS7W99CZPI+TIwAIlivnCgyBHhX1H7pwgjOaPbQKbVx+Qs6+xQsrCtkVy
> 4bWkR7B41Z0sAu7YcoE8
> =y6t5
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/E1Wu3tt-0002F6-Kl@master.debian.org
>
Reply to: