http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz.sig mbox users really should upgrade, because by sending a message with a huge header you could basically cause a DoS (this problem exists only with v1.2.x, not with v1.0 or v1.1). - mbox: Message header reading was unnecessarily slow. Fetching a huge header could have resulted in Dovecot eating a lot of CPU. Also searching messages was much slower than necessary. - mbox, dbox, cydir: Mail root directory was created with 0770 permissions, instead of 0700. - maildir: Reading uidlist could have ended up in an infinite loop. - IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds after a change had occurred in mailbox -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20100308/ef71451b/attachment-0002.bin>
Timo Sirainen wrote:> http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz > http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz.sig > > mbox users really should upgrade, because by sending a message with a > huge header you could basically cause a DoS (this problem exists only > with v1.2.x, not with v1.0 or v1.1). > > - mbox: Message header reading was unnecessarily slow. Fetching a > huge header could have resulted in Dovecot eating a lot of CPU. > Also searching messages was much slower than necessary. > - mbox, dbox, cydir: Mail root directory was created with 0770 > permissions, instead of 0700. > - maildir: Reading uidlist could have ended up in an infinite loop. > - IMAP IDLE: v1.2.7+ caused extra load by checking changes every > 0.5 seconds after a change had occurred in mailbox >I have a paper deadline this Friday, so a new release of Pigeonhole will be delayed until this weekend. Regards, Stephan.