Date: Tue, 20 May 2014 21:32:54 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE request: dovecot denial of service Hi, we were made aware of a recently fixed DoS vulnerability in Dovecot, which doesn't seem to have a CVE id assigned: http://dovecot.org/list/dovecot-news/2014-May/000273.html states: * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging arond for a long time. (Affected Dovecot v1.1+) Could a CVE be assigned for this vulnerability? Thanks, -- Yves-Alexis Perez - Debian Security Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ