Red Hat Bugzilla – Bug 439369
new dovecot security issues from the dovecot site
Last modified: 2009-01-20 17:00:41 EST
Dovecot has released 2 public e-mails detailing 2 security issues in dovecot
The first one seems to not be patchable, but a user setup issue (probably no
action required in packaging):
The second one seems to have fixes incorporated into the latest release:
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
The first was already submitted as bug #437152 and is fixed in RHEL 5.2.
The second one is also known as CVE-2008-1218.
CVE-2008-1218 was tracked via bug #436928, which also explains why it was not handled as a security issue.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.