From owner-freebsd-security@FreeBSD.ORG Sat Nov 8 14:10:02 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B85E41065672; Sat, 8 Nov 2008 14:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8E7368FC19; Sat, 8 Nov 2008 14:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mA8EA2nC007357; Sat, 8 Nov 2008 14:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mA8EA2KW007356; Sat, 8 Nov 2008 14:10:02 GMT (envelope-from gnats) Resent-Date: Sat, 8 Nov 2008 14:10:02 GMT Resent-Message-Id: <200811081410.mA8EA2KW007356@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@freebsd.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: freebsd-security@freebsd.org, yds@coolrat.org, secteam@freebsd.org, delphij@freebsd.org Resent-Reply-To: FreeBSD-gnats-submit@freebsd.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C45CC106564A for ; Sat, 8 Nov 2008 14:03:07 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 73ED48FC13 for ; Sat, 8 Nov 2008 14:03:07 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from amnesiac.at.no.dns (dns.ccsem.infn.it [192.135.15.3]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1KyoP4-000DtI-FF for FreeBSD-gnats-submit@freebsd.org; Sat, 08 Nov 2008 17:03:06 +0300 Received: by amnesiac.at.no.dns (Postfix, from userid 1001) id AB42B17112; Sat, 8 Nov 2008 17:03:05 +0300 (MSK) Message-Id: <20081108140305.AB42B17112@amnesiac.at.no.dns> Date: Sat, 8 Nov 2008 17:03:05 +0300 (MSK) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: freebsd-security@freebsd.org, yds@coolrat.org, secteam@freebsd.org, delphij@freebsd.org X-Mailman-Approved-At: Sat, 08 Nov 2008 16:04:16 +0000 Cc: Subject: ports/128698: [vuxml] new entry for Dovecot 1.1.4-1.1.5 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2008 14:10:03 -0000 >Number: 128698 >Category: ports >Synopsis: [vuxml] new entry for Dovecot 1.1.4-1.1.5 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Nov 08 14:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: Code Labs >Environment: Not applicable. >Description: Citing from http://www.dovecot.org/list/dovecot-news/2008-October/000089.html ----- The invalid message address parsing bug is pretty important since it allows a remote user to send broken mail headers and prevent the recipient from accessing the mailbox afterwards, because the process will always just crash trying to parse the header. This is assuming that the IMAP client uses FETCH ENVELOPE command, not all do. Note that it doesn't affect versions older than v1.1.4. ----- Currently, FreeBSD's Dovecot from ports is build from the 1.1.3 release and I doubt that it will be upgraded to something <= 1.1.6, since 1.1.6 is out. But who knows. >How-To-Repeat: Look at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907 and references therein. >Fix: Possibly, the new VuXML entry can be added: --- dovecot-08.11.2008.xml begins here --- dovecot -- invalid message address parsing bug dovecot dovecot-devel 1.1.41.1.6

Dovecot reports:

The invalid message address parsing bug is pretty important since it allows a remote user to send broken mail headers and prevent the recipient from accessing the mailbox afterwards, because the process will always just crash trying to parse the header. This is assuming that the IMAP client uses FETCH ENVELOPE command, not all do. Note that it doesn't affect versions older than v1.1.4.

 CVE-2008-4907 http://www.dovecot.org/list/dovecot-news/2008-October/000089.html http://secunia.com/advisories/32479/ http://xforce.iss.net/xforce/xfdb/46227/ http://www.securityfocus.com/bid/31997/ 2008-10-30 2008-11-08 --- dovecot-08.11.2008.xml ends here --- As I said, I greatly doubt that official FreeBSD ports will ever have these versions of Dovecot, but people can update their ports to receive the new Dovecot versions, so there can be some reasons to add it. The only PR that contains Dovecot is ports/128469 and it upgrades the port to the "safe" version 1.1.6. >Release-Note: >Audit-Trail: >Unformatted: