thijs at alioth.debian.org
2007-Dec-30 10:46 UTC
[Secure-testing-commits] r7765 - data/CVE
Author: thijs Date: 2007-12-30 10:46:36 +0000 (Sun, 30 Dec 2007) New Revision: 7765 Modified: data/CVE/list Log: dovecot ldap+auth cache issue, very specific configuration required Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-30 10:19:21 UTC (rev 7764) +++ data/CVE/list 2007-12-30 10:46:36 UTC (rev 7765) @@ -1,3 +1,9 @@ +CVE-2007-XXXX [dovecot LDAP auth may authenticate as wrong user] + - dovecot 1:1.0.10-1 (low; bug #458315) + [sarge] - dovecot <not-affected> (Vulnerable code not present) + NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html + NOTE: low, because issue is only with quite rare configurations + NOTE: CVE id requested CVE-2007-XXXX [dovecot LDAP infinite loop] - dovecot 1:1.0.10-1 (unimportant) NOTE: Can only be triggered by an attacker being able to disconnect,