search for: wielicki

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git...

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dov...

...uot; <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > > have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > se...

On Samstag, 27. Januar 2018 21:33:51 CET you wrote: > Hi thank you for these, can you send doveconf -n for your minimal > reproducer? Ah darn, I was so caught up getting the valgrind traces that I forgot about that. Here you go: # 2.4.devel (54d0a5a30): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.14.0-2-amd64 x86_64 Debian buster/sid # Hostname: sinistra.sotecware.net auth_debug =

We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot

On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > On 02.12.2016 10:45, Jonas Wielicki wrote: > > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > > > We are sorry to report that we have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > setting...

On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > have a bug in dovecot, which > > merits a > > CVE. See details below. If you haven't configured any > > auth_policy_* > > settings you are ok. This is fix...

...; iahfoster.com> wrote: > > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. > > > > Dezember > > > > 2016 09:00:58 CET Aki Tuomi wrote: <snip> > > > > Important vulnerability in Dovecot (CVE-2016-8562)? > > > > Are you sure about the CVE number? According to Debian [1 [1]] > > > > an...

Hi thank you for these, can you send doveconf -n for your minimal reproducer? Aki > On January 27, 2018 at 4:37 PM Jonas Wielicki <jonas at wielicki.name> wrote: > > > Dear list, > > We are encountering troubles with dovecot using LDAP userdbs on Debian stretch > (but if I?m reading valgrind correctly, we can reproduce this with vanilla > dovecot master). Minimal reproducer below. > > Wh...

...and > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c6 > 7a8612fc > > Important vulnerability in Dovecot (CVE-2016-8562) Are you sure about the CVE number? According to Debian [1] and mitre [2], it?s for SIEMENS something, not Dovecot. best regards, Jonas Wielicki [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8562 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a d...

On Sonntag, 28. Januar 2018 13:59:24 CEST Jonas Wielicki wrote: > On Samstag, 27. Januar 2018 21:33:51 CET you wrote: > > Hi thank you for these, can you send doveconf -n for your minimal > > reproducer? > Has this been fixed in any release? I?m not sure how to figure this out, unfortunately. kind regards, Jonas

Dear list, We are encountering troubles with dovecot using LDAP userdbs on Debian stretch (but if I?m reading valgrind correctly, we can reproduce this with vanilla dovecot master). Minimal reproducer below. While testing an upgrade to Debian stretch (dovecot-core=1:2.2.27-3+deb9u1), auth-worker has stopped working. We are using two LDAP user databases; one which is iterable, and one which

...ted in this patch, please let me know! In that case, I would consider making an own plugin, which fewer backends (possibly only a mailtrain-like one) out of this, but frankly, I would consider that a waste of resources. In the hope that this is useful for others and hoping for feedback, Jonas Wielicki -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEG/EPV+Xzd5wEoQQIwGIDJZdiWIoFAlg4Fd0ACgkQwGIDJZdi WIpM3Q//TWVHDFx5LK14y0jOnxzE7kGthc6hakILnWqYgl7B/wlljD1HLrec//hg 9LEancjURnv3sPU/kEEpl6RRDX5kDMbXXKXMq7/1R7bNdmeMz5NEebAo7ktlCii7 ikk7MPL0F8UViY7IoW7y5NxfqMUldYseejn0GwKiVkEyqlyGLRbP7ijyzMWjpIWp eqOg/b5b...

...calls. Always define WIDL_C_INLINE_WRAPPERS. widl: Fail with error on an attempt to inherit interface from itself. mshtml: Added nsIDirectoryServiceProvider2 implementation. mshtml: Use nsIDirectoryServiceProvider2::GetFiles to provide Wine-specific plugin directory. Jonas Wielicki (1): wined3d: Fix crash in wined3d_device_reset with gdi backend for directdraw. Julian R?ger (1): po: Update German translation. J?r?me Gardou (1): opengl32/tests: Do not pass NULL attrib list to wglCreatePBufferARB. J?zef Kucia (7): d3dx9: ID3DXConstantTable::SetMatrix...

Hello, I have few Windows2000 Pro samba domain members which logon to the domain without any obstacles. Recently I decided to upgrade all client workstations to WindowsXP SP2. Fresh copy of WindowsXP joined domain properly but when I tried to logon as usual it accepted password and shut down after a while (logs of samba confirm that workstation logged on). Windows claims that winlogon caused