[Secure-testing-commits] r7765 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sun Dec 30 10:46:37 UTC 2007
Author: thijs
Date: 2007-12-30 10:46:36 +0000 (Sun, 30 Dec 2007)
New Revision: 7765
Modified:
data/CVE/list
Log:
dovecot ldap+auth cache issue, very specific configuration required
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-30 10:19:21 UTC (rev 7764)
+++ data/CVE/list 2007-12-30 10:46:36 UTC (rev 7765)
@@ -1,3 +1,9 @@
+CVE-2007-XXXX [dovecot LDAP auth may authenticate as wrong user]
+ - dovecot 1:1.0.10-1 (low; bug #458315)
+ [sarge] - dovecot <not-affected> (Vulnerable code not present)
+ NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
+ NOTE: low, because issue is only with quite rare configurations
+ NOTE: CVE id requested
CVE-2007-XXXX [dovecot LDAP infinite loop]
- dovecot 1:1.0.10-1 (unimportant)
NOTE: Can only be triggered by an attacker being able to disconnect,
More information about the Secure-testing-commits
mailing list