dovecot-1.0: Released v1.0.13.

dovecot at dovecot.org dovecot at dovecot.org
Sun Mar 9 13:04:55 EET 2008


details:   http://hg.dovecot.org/dovecot-1.0/rev/894f003d9f5f
changeset: 5541:894f003d9f5f
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Mar 09 12:50:11 2008 +0200
description:
Released v1.0.13.

diffstat:

2 files changed, 13 insertions(+), 1 deletion(-)
NEWS         |   12 ++++++++++++
configure.in |    2 +-

diffs (29 lines):

diff -r a6fb479401ce -r 894f003d9f5f NEWS
--- a/NEWS	Sun Mar 09 12:48:04 2008 +0200
+++ b/NEWS	Sun Mar 09 12:50:11 2008 +0200
@@ -1,3 +1,15 @@ v1.0.12 2008-03-05  Timo Sirainen <tss at i
+v1.0.13 2008-03-09  Timo Sirainen <tss at iki.fi>
+
+	* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+	  and shadow if blocking=yes) where user could specify extra fields
+	  in the password. The main problem here is when specifying
+	  "skip_password_check" introduced in v1.0.11 for fixing master user
+	  logins, allowing the user to log in as anyone without a valid
+	  password.
+
+	- mail_privileged_group was broken in some systems (OS X, Solaris?)
+	- IMAP THREAD: Fixed some correctness problems
+
 v1.0.12 2008-03-05  Timo Sirainen <tss at iki.fi>
 
 	- Using mail_privileged_group with dotlock_use_excl=no worked, but it
diff -r a6fb479401ce -r 894f003d9f5f configure.in
--- a/configure.in	Sun Mar 09 12:48:04 2008 +0200
+++ b/configure.in	Sun Mar 09 12:50:11 2008 +0200
@@ -1,5 +1,5 @@ AC_PREREQ([2.59])
 AC_PREREQ([2.59])
-AC_INIT([dovecot],[1.0.12],[dovecot at dovecot.org])
+AC_INIT([dovecot],[1.0.13],[dovecot at dovecot.org])
 AC_CONFIG_SRCDIR([src])
 
 AM_INIT_AUTOMAKE


More information about the dovecot-cvs mailing list