[pkg-kolab] Bug#411240: kolab-cyrus-imapd: Corrupt quota files cause data loss

[Steve Langasek]

severity 411240 important
thanks

After a look at the code, I've concluded that this bug does not cause real
data loss: lmtpd checks the user quota when verifying the message recipient,
so this bug should trigger well before any data is accepted for delivery,
and any data loss is the fault of the sending application for not gracefully
handling a delivery failure.  It is possible to use the 'ignorequota' option
to override the quota check while verifying the recipient, but even then the
subsequent failure happens before lmtpd acknowledges delivery.

So although this is a bug, given that I also don't see any data path by
which lmtpd would check quotas for users other than the intended recipients
the practical impact of fixing this bug is small: returning a segfault
instead of an error message in the event of a quota error should not
significantly impact the integrity of data on the sender's side.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/