[Dovecot] v1.1.6 released

Timo Sirainen tss at iki.fi
Thu Oct 30 00:25:29 EET 2008


http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig

The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.

	+ dovecot -n and -a now prints some system information at the top.
	+ More error/debug message logging improvements.
	- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
	  commands in the same IP packet.
	- Parsing an invalid message address like "From: (" caused an
	  assert-crash in v1.1.4 and v1.1.5.
	- Folding whitespace wasn't handled correctly inside quoted-strings,
	  causing some messages to be parsed incorrectly.
	- mbox: Fixed saving messages that begin with a valid From_-line.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081030/38905e63/attachment.bin 


More information about the dovecot mailing list