Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Mar 2010 18:30:46 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>
Subject: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing
 email with huge header

Hi Steve, vendors,

   Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP server:

   addressing one denial of service issue (from upstream announcement):
   "mbox users really should upgrade, because by sending a message with
    a huge header you could basically cause a DoS (this problem exists only
    with v1.2.x, not with v1.0 or v1.1)."


Could you allocate a CVE id for it?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ