tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: dovecot-[0-9]* denial-of-service

On 11.04.2016 17:29, D'Arcy J.M. Cain wrote:
Try again with the correct mailing list name.

I have two questions.  First, is that perhaps too broad a stroke?  Is
it reasonable to make every version of dovecot, now and in the future,
subject to such an entry?  Would something more surgical be better?

Second, the reference is to a thread on a mailing list.  This is just
chatter discussing whether there is a vulnerability or not.  There is
no reference to an official bug report.

Hmmm.  I guess I have one question and one comment, not two questions.

The entry was made almost a year ago and there have been updates since
then specifically mentioning items that might have dealt with this but
without an actual reference to a bug report we can't tell if this is
fixed or not or even if it was a problem in the first place.


Since this came to us from secunia (which closed access for everybody), and they haven't reach any agreement on this thread, I'm more inclined to remove this entry at all. I'll look around this more.


Home | Main Index | Thread Index | Old Index