similar to: sieve security problem

Please, note: http://secunia.com/advisories/23115/ A port maintainer CC'ed. -- Dixi. Sem.

I just confirmed the following bug on my firefox. http://secunia.com/advisories/14820/ Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0 (I think my firefox is a month or two behind, from ports, but the advisary indicates both 1.0.1 and 1.0.2 are effected.) FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004

http://secunia.com/advisories/54438/ Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code): This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID#: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 (inclusive) == == Summary: Specifically crafted SMB responses can result == in a heap overflow

As a Cygwin rsync package maintainer, the following security fixes have been brought to my attention: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch And while they seem "trusted" enough to me (present in many packages such as Gentoo, FreeBSD

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure in GETDC mailslot == processing can result in a buffer overrun == == CVE ID#: CVE-2007-6015 == == Versions: Samba 3.0.0 - 3.0.27a (inclusive) == == Summary: Specifically crafted GETDC mailslot requests == can trigger a

Keir, I noticed that a Shadow patch went into the 3.1.1 staging tree today. Does this mean that we should expect a 4th release candidate before the 3.1.1 release tag is official? If so - how much testing time are you going to give that release candidate before deciding whether a release tag, or another RC round is appropriate? Ben Guthro _______________________________________________

Hi i tested acls with some clients horde/imp mulberry thunderbird squirrelmail kmail and i couldnt get it run proberly i have no problems testing setacl etc with plain telnet session, and i have no error in verbose logging but it looks like acl is only working partly with some clients so show acls is working mostly but setting only partly horde/imp and mulberry dont show any acls any idea? --

Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the

Hi Timo, playing a lot with dbox but folder deletion seems to me broken, whatever setting i tested i cant delete subfolders with thunderbird, i first thought about acls but deactivate acl didnt helped splitting control an index files from dbox also didnt work, i cant find any failure message in the logs, but there is also no entry for delete trys all debug level are in the highest stage on this

Hi Timo, wiki says --------- Shared mailbox listing ..... You could use any dictionary backend, such as SQL or Berkeley DB, but a simple flat file should work pretty well too: plugin { acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db } .... -------- could you include an example for having acl_shared_dict in sql ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria

I think, there is a neat exploit in the phpbb2.0.8 because I found my home page defaced one dark morning. The patch for phpBB is here. http://www.phpbb.com/downloads.php The excerpt of the log is attached. I believe the link to the described exploit is here. http://secunia.com/advisories/13239 The defacement braggen page is here filter to show the exploited FreeBSD machines that aneurysm.inc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi @ll, just a version Question to the gurus, i found SMBLDAP-TOOLS version 0.7 in the Samba sources but today there was an upgrade to smbldap-tools 0.8.7 by IDEALX will the samba team upgrade SMBLDAP-TOOLS in the samba sources too? If not what are the reasons not to do so? - -- Mit freundlichen Gruessen Best Regards Robert Schetterer

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi @ll, i try use acl with imap with dovecot latest but i dont get trough , is there more info online then written in the wiki ? i have a setup like http://wiki.dovecot.org/DovecotLDAPostfixAdminMySQL but with this acl dont seems to work , and folders arent reported with acls to i.e thnderbird - -- Mit freundlichen Gruessen Best Regards Robert

Hi Timo,guess this patch break my setup http://hg.dovecot.org/dovecot-1.2/rev/dd49cf3fd2c9 the log entry does not look very right cause i dont use relative paths or i missinterpreted somthing here Jul 10 21:12:29 dovecot: Error: Relative home directory paths not supported (user robert at schetterer.com): maildir:/usr/local/virtual/schetterer.com/robert at schetterer.com/ how can i get my old

Hi Timo, quota dict seems to be broken with 1.2.alpha1 MAP(robert at schetterer.com): read(/var/run/dovecot/dict-server) failed: Remote disconnected dovecot: Sep 24 18:43:16 Error: dict: Error in configuration file /etc/dovecot/dovecot-dict-quota.conf line 1: Unknown setting: driver dovecot: Sep 24 18:43:16 Error: dict: Failed to initialize dictionary 'quotadict'

Hi all, ive just upgrade to rc21 ( so i dont know perhaps this report failure is fixed with this release ) i have reports from users that attachments get broken ( with rc19, dont know about before ) with some accounts , which where downloaded via a pop3 service to a exchange server, but in fact nothing is broken when looking with imap to the mailboxes Has anyone an idea, i havent any failure logs

Hi all, is acl ( with acl plugin enabled ) anounced in imap_capability list by dovecot i cant find it in telnet tests, so is it my fault or is it default beavior using 1.1.rc12 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria

Hi @ll, has anybody tried this with dovecot yet ? http://www.xtreemfs.org/ -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria

Hi @ll i have somthing like namespace public { separator = / prefix = "public/" location = dbox:/usr/local/virtual/%d/public inbox = no list = yes subscriptions = yes hidden = no } which works nice if i set location = maildir:/usr/local/virtual/%d/public %d expansion works right with maildir but if user mailboxes are on dbox with public namespace too, dovecot