dovecot-1.0: Released v1.0.13.
dovecot at dovecot.org
dovecot at dovecot.org
Sun Mar 9 13:04:55 EET 2008
details: http://hg.dovecot.org/dovecot-1.0/rev/894f003d9f5f
changeset: 5541:894f003d9f5f
user: Timo Sirainen <tss at iki.fi>
date: Sun Mar 09 12:50:11 2008 +0200
description:
Released v1.0.13.
diffstat:
2 files changed, 13 insertions(+), 1 deletion(-)
NEWS | 12 ++++++++++++
configure.in | 2 +-
diffs (29 lines):
diff -r a6fb479401ce -r 894f003d9f5f NEWS
--- a/NEWS Sun Mar 09 12:48:04 2008 +0200
+++ b/NEWS Sun Mar 09 12:50:11 2008 +0200
@@ -1,3 +1,15 @@ v1.0.12 2008-03-05 Timo Sirainen <tss at i
+v1.0.13 2008-03-09 Timo Sirainen <tss at iki.fi>
+
+ * Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+ and shadow if blocking=yes) where user could specify extra fields
+ in the password. The main problem here is when specifying
+ "skip_password_check" introduced in v1.0.11 for fixing master user
+ logins, allowing the user to log in as anyone without a valid
+ password.
+
+ - mail_privileged_group was broken in some systems (OS X, Solaris?)
+ - IMAP THREAD: Fixed some correctness problems
+
v1.0.12 2008-03-05 Timo Sirainen <tss at iki.fi>
- Using mail_privileged_group with dotlock_use_excl=no worked, but it
diff -r a6fb479401ce -r 894f003d9f5f configure.in
--- a/configure.in Sun Mar 09 12:48:04 2008 +0200
+++ b/configure.in Sun Mar 09 12:50:11 2008 +0200
@@ -1,5 +1,5 @@ AC_PREREQ([2.59])
AC_PREREQ([2.59])
-AC_INIT([dovecot],[1.0.12],[dovecot at dovecot.org])
+AC_INIT([dovecot],[1.0.13],[dovecot at dovecot.org])
AC_CONFIG_SRCDIR([src])
AM_INIT_AUTOMAKE
More information about the dovecot-cvs
mailing list