[Secure-testing-team] Bug#695138: dovecot: CVE-2012-5620
Moritz Muehlenhoff
jmm at inutil.org
Tue Dec 4 15:04:45 UTC 2012
Package: dovecot
Severity: grave
Tags: security
Justification: user security hole
This entry from http://www.dovecot.org/list/dovecot-news/2012-November/000235.html
was assigned CVE-2012-5620:
> imap: Fixed crash when SEARCH contained multiple KEYWORD parameters.
Fix:
http://hg.dovecot.org/dovecot-2.1/rev/0306792cc843
The posting on oss-security claims 1.2 doesn't contain the affected code:
http://seclists.org/oss-sec/2012/q4/395
However, mail_search_keywords_merge() also exists in 1.2.15 from Squeeze, so
this needs further investigation or clarification from upstream.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list