From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <seriv@parkheights.dyndns.org>
X-Virus-Scanned: amavisd-new at example.com
Authentication-Results: spectr.org from=seriv@parkheights.dyndns.org;
	domainkey=temperror (DNS query timeout for
	._domainkey.parkheights.dyndns.org)
Message-ID: <46B0B136.5000705@parkheights.dyndns.org>
Date: Wed, 01 Aug 2007 12:13:42 -0400
From: Sergey <seriv@parkheights.dyndns.org>
User-Agent: Thunderbird 2.0.0.5 (X11/20070727)
MIME-Version: 1.0
To: ALT Linux security team list <security-team@lists.altlinux.org>
X-Enigmail-Version: 0.95.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: ALT Linux Sisyphus mailing list <sisyphus@lists.altlinux.org>,
	ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [sisyphus] I: dovecot-1.0.3 with small security fix
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Aug 2007 16:13:00 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/46B0B136.5000705@parkheights.dyndns.org/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

В incoming/Sisyphus направлен dovecot-1.0.3.hg20070801-alt1.src.rpm,
обновлённый до версии 1.0.3
Среди исправлений - ошибка в безопасности в модуле ACL plugin:
v1.0.3 2007-08-01  Timo Sirainen <tss@iki.fi>
- deliver: v1.0.2's bounce fix caused message to be always saved to
  INBOX even if Sieve script had discard, reject or redirect commands.
- LDAP: auth_bind=yes and empty auth_bind_userdn leaked memory
- ACL plugin: If user was given i (insert) right for a mailbox, but
  not all s/t/w (seen, deleted, other flags) rights, COPY and APPEND
  commands weren't supposed to allow saving those flags. This is
  technically a security fix, but it's unlikely this caused problems
  for anyone.
- ACL plugin: i (insert) right didn't work unless user was also given
  l (lookup) right.

-- 
	Сергей Иванов