FEDORA-2016-daf90926d4 created by mhlavink 4 years ago for Fedora 25
  • Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set.
  • director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts.
  • Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled.
  • Various fixes to restoring state correctly in un-hibernation.
  • dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords.
  • Various fixes to handle dovecot.list.index corruption better.
  • lib-fts: Fixed assert-crash in address tokenizer with specific input.
  • Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation)
  • doveadm sync -1: Fixed handling mailbox GUID conflicts.
  • sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck.
  • quota: Don't skip quota checks when moving mails between different quota roots.
  • search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-daf90926d4

This update has been submitted for testing by mhlavink.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon bojan commented & provided feedback 4 years ago

Works on x86_64.

User Icon bradw commented & provided feedback 4 years ago

Personal LAMP and mail server running GNOME. All OK.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by mhlavink.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1401025 CVE-2016-8652 dovecot: Remote crash when auth-policy component is activated [fedora-all]

Automated Test Results