CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dovecot (Ubuntu) | Invalid | High | Steve Beattie |
Bug Description
Because of the recent updates to Dovecot in USN-1143-1 I checked whether Dovecot 1.0.10-1ubuntu5.2 in Hardy is affected, too. Apparently, upstream fixed the bug in src/lib-
For Debian, <http://
Yet, the problematic code appears to exist in another file, message-parser.c in Dovecot 1.0, Line 943: <http://
I think the patch should be backported/applied to message-parser.c, too.
Thanks,
Hannes
Hi Hannes,
Yes, I saw the same thing you did, that apparently the same bit of code appears in src/lib-mail/message-parser.c; however, my attempts to reproduce the issue on hardy did not meet success. However, prompted by your bug report, I've further attempted to reproduce the issue on hardy and am now able to generate mailbox corruption. I'll generate an update for hardy shortly.
Thanks!