tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: dovecot-[0-9]* denial-of-service

On Mon, 11 Apr 2016 11:29:32 -0400
"D'Arcy J.M. Cain" <> wrote:

> I have two questions.  First, is that perhaps too broad a stroke?  Is
> it reasonable to make every version of dovecot, now and in the future,
> subject to such an entry?  Would something more surgical be better?

Agreed. I looked at this the other day, and I think this is too broad and not substantiated enough.

> The entry was made almost a year ago and there have been updates since
> then specifically mentioning items that might have dealt with this but
> without an actual reference to a bug report we can't tell if this is
> fixed or not or even if it was a problem in the first place.

Yep. I suggest asking upstream, and/or other dovecot maintainers (say, in Debian).


Benny Siegert <>

Home | Main Index | Thread Index | Old Index