Fedora alert FEDORA-2008-9232 (dovecot)

From:
    	     
 
updates@fedoraproject.org
To:
    	     
 
fedora-package-announce@redhat.com
Subject:
    	     
 
[SECURITY] Fedora 8 Update: dovecot-1.0.15-14.fc8
Date:
    	     
 
Thu, 30 Oct 2008 12:51:56 +0000
Message-ID:
    	     
 
<20081030125156.A5656208DB1@bastion.fedora.phx.redhat.com>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9232
2008-10-30 11:42:05
--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 8
Version     : 1.0.15
Release     : 14.fc8
URL         : http://www.dovecot.org/
Summary     : Dovecot Secure imap server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plugins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

fix handling of negative rights in the ACL plugin
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 29 2008 Michal Hlavinka <mhlavink@redhat.com> - 1:1.0.15-14
- fix handling of negative rights in the ACL plugin (Resolves: CVE-2008-4577)
* Thu Aug 14 2008 Dan Horak <dan[at]danny.cz> - 1:1.0.15-13
- add missing defattr into subpackages
- remove unused patches from CVS
* Tue Jul 29 2008 Dan Horak <dan[at]danny.cz> - 1:1.0.15-12
- really ask for the password during start-up
* Tue Jul 29 2008 Dan Horák <dan[at]danny.cz> - 1:1.0.15-11
- final solution for #445200 (put the password into /etc/sysconfig/dovecot)
* Tue Jul  1 2008 Dan Horák <dan[at]danny.cz> - 1:1.0.15-10
- bump release
* Sun Jun 22 2008 Dan Horák <dan[at]danny.cz> - 1:1.0.15-1
- update to latest upstream 1.0.15
- Resolves: #452088
* Wed Jun 18 2008 Dan Horak <dan[at]danny.cz> - 1:1.0.14-9
- update init script (Resolves: #451838)
* Sat Jun  7 2008 Dan Horak <dan[at]danny.cz> - 1:1.0.14-8
- build devel subpackage (Resolves: #306881)
* Fri Jun  6 2008 Dan Horák <dan[at]danny.cz> - 1:1.0.14-7
- update to latest upstream stable (dovecot 1.0.14, sieve plugin 1.0.3)
- Resolves: #445200, #448095, #450010
* Sun Mar  9 2008 Tomas Janousek <tjanouse@redhat.com> - 1:1.0.13-6
- update to latest upstream stable (1.0.13)
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1:1.0.10-5
- Autorebuild for GCC 4.3
* Mon Jan  7 2008 Tomas Janousek <tjanouse@redhat.com> - 1:1.0.10-4
- update to latest upstream stable (1.0.10)
* Wed Dec  5 2007 Jesse Keating <jkeating@redhat.com> - 1:1.0.7-3
- Bump for deps
* Mon Nov  5 2007 Tomas Janousek <tjanouse@redhat.com> - 1:1.0.7-2
- update to latest upstream stable (1.0.7)
- added the winbind patch (#286351)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #467436 - CVE-2008-4577 dovecot: incorrect handling of negative rights in the ACL
plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=467436
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...