From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <seriv@parkheights.dyndns.org>
X-Virus-Scanned: amavisd-new at example.com
Authentication-Results: spectr.org from=seriv@parkheights.dyndns.org;
	domainkey=temperror (DNS query timeout for
	._domainkey.parkheights.dyndns.org)
Message-ID: <46B0B136.5000705@parkheights.dyndns.org>
Date: Wed, 01 Aug 2007 12:13:42 -0400
From: Sergey <seriv@parkheights.dyndns.org>
User-Agent: Thunderbird 2.0.0.5 (X11/20070727)
MIME-Version: 1.0
To: ALT Linux security team list <security-team@lists.altlinux.org>
X-Enigmail-Version: 0.95.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: ALT Linux Sisyphus mailing list <sisyphus@lists.altlinux.org>,
	ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] I: dovecot-1.0.3 with small security fix
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Aug 2007 16:13:00 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/46B0B136.5000705@parkheights.dyndns.org/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

В incoming/Sisyphus направлен dovecot-1.0.3.hg20070801-alt1.src.rpm,
обновлённый до версии 1.0.3
Среди исправлений - ошибка в безопасности в модуле ACL plugin:
v1.0.3 2007-08-01  Timo Sirainen <tss@iki.fi>
- deliver: v1.0.2's bounce fix caused message to be always saved to
  INBOX even if Sieve script had discard, reject or redirect commands.
- LDAP: auth_bind=yes and empty auth_bind_userdn leaked memory
- ACL plugin: If user was given i (insert) right for a mailbox, but
  not all s/t/w (seen, deleted, other flags) rights, COPY and APPEND
  commands weren't supposed to allow saving those flags. This is
  technically a security fix, but it's unlikely this caused problems
  for anyone.
- ACL plugin: i (insert) right didn't work unless user was also given
  l (lookup) right.

-- 
	Сергей Иванов


From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <spamd@eva.dp.ua>
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on jabber.eva.dp.ua
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=6.5 tests=MIME_BASE64_TEXT,
	RCVD_ILLEGAL_IP autolearn=no version=3.1.8
X-Virus-Scanned: amavisd-new at example.com
Authentication-Results: spectr.org from=seriv@parkheights.dyndns.org;
	domainkey=temperror (DNS query timeout for
	._domainkey.parkheights.dyndns.org)
Message-ID: <46B0B136.5000705@parkheights.dyndns.org>
Date: Wed, 01 Aug 2007 12:13:42 -0400
From: Sergey <seriv@parkheights.dyndns.org>
User-Agent: Thunderbird 2.0.0.5 (X11/20070727)
MIME-Version: 1.0
To: ALT Linux security team list <security-team@lists.altlinux.org>
X-Enigmail-Version: 0.95.1
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: base64
Sender: sisyphus-bounces@lists.altlinux.org
Errors-To: sisyphus-bounces@lists.altlinux.org
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: ALT Linux Sisyphus mailing list <sisyphus@lists.altlinux.org>,
	ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] [sisyphus] I: dovecot-1.0.3 with small security fix
X-BeenThere: sysadmins@lists.altlinux.org
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>,
	ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Aug 2007 16:13:29 -0000
Message-ID: <20070801161342.K6Ca5aS2RywdYHMI4oQ1EzlCkxh4hzkMR98p68Sq-4k@z>
Archived-At: <http://lore.altlinux.org/sysadmins/20070801161342.K6Ca5aS2RywdYHMI4oQ1EzlCkxh4hzkMR98p68Sq-4k@z/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

9yBpbmNvbWluZy9TaXN5cGh1cyDOwdDSwdfMxc4gZG92ZWNvdC0xLjAuMy5oZzIwMDcwODAxLWFs
dDEuc3JjLnJwbSwKz8LOz9fMo87O2cogxM8g18XS08nJIDEuMC4zCvPSxcTJIMnT0NLB18zFzsnK
IC0gz9vJwsvBINcgwsXaz9DB087P09TJINcgzc/E1czFIEFDTCBwbHVnaW46CnYxLjAuMyAyMDA3
LTA4LTAxICBUaW1vIFNpcmFpbmVuIDx0c3NAaWtpLmZpPgotIGRlbGl2ZXI6IHYxLjAuMidzIGJv
dW5jZSBmaXggY2F1c2VkIG1lc3NhZ2UgdG8gYmUgYWx3YXlzIHNhdmVkIHRvCiAgSU5CT1ggZXZl
biBpZiBTaWV2ZSBzY3JpcHQgaGFkIGRpc2NhcmQsIHJlamVjdCBvciByZWRpcmVjdCBjb21tYW5k
cy4KLSBMREFQOiBhdXRoX2JpbmQ9eWVzIGFuZCBlbXB0eSBhdXRoX2JpbmRfdXNlcmRuIGxlYWtl
ZCBtZW1vcnkKLSBBQ0wgcGx1Z2luOiBJZiB1c2VyIHdhcyBnaXZlbiBpIChpbnNlcnQpIHJpZ2h0
IGZvciBhIG1haWxib3gsIGJ1dAogIG5vdCBhbGwgcy90L3cgKHNlZW4sIGRlbGV0ZWQsIG90aGVy
IGZsYWdzKSByaWdodHMsIENPUFkgYW5kIEFQUEVORAogIGNvbW1hbmRzIHdlcmVuJ3Qgc3VwcG9z
ZWQgdG8gYWxsb3cgc2F2aW5nIHRob3NlIGZsYWdzLiBUaGlzIGlzCiAgdGVjaG5pY2FsbHkgYSBz
ZWN1cml0eSBmaXgsIGJ1dCBpdCdzIHVubGlrZWx5IHRoaXMgY2F1c2VkIHByb2JsZW1zCiAgZm9y
IGFueW9uZS4KLSBBQ0wgcGx1Z2luOiBpIChpbnNlcnQpIHJpZ2h0IGRpZG4ndCB3b3JrIHVubGVz
cyB1c2VyIHdhcyBhbHNvIGdpdmVuCiAgbCAobG9va3VwKSByaWdodC4KCi0tIAoJ88XSx8XKIOnX
wc7P1wpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpTaXN5
cGh1cyBtYWlsaW5nIGxpc3QKU2lzeXBodXNAbGlzdHMuYWx0bGludXgub3JnCmh0dHBzOi8vbGlz
dHMuYWx0bGludXgub3JnL21haWxtYW4vbGlzdGluZm8vc2lzeXBodXM=