1
PublicDateAtUSN: 2011-05-24
2
Candidate: CVE-2011-1929
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1929
6
https://usn.ubuntu.com/usn/usn-1143-1
8
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x
9
before 2.0.13 does not properly handle '\0' characters in header names,
10
which allows remote attackers to cause a denial of service (daemon crash or
11
mailbox corruption) via a crafted e-mail message.
14
sbeattie> both according to debian and based on testing, vulnerability
15
sbeattie> exists on 1.2.x and newer.
22
upstream_dovecot: released (2.0.13)
23
dapper_dovecot: ignored (reached end-of-life)
24
hardy_dovecot: not-affected (1:1.0.10-1ubuntu5.2)
25
lucid_dovecot: released (1:1.2.9-1ubuntu6.4)
26
maverick_dovecot: released (1:1.2.12-1ubuntu8.2)
27
natty_dovecot: released (1:1.2.15-3ubuntu2.1)
28
devel_dovecot: released (1:2.0.13-1ubuntu1)