Will upload the attached NMU fixing this problem unless the maintainer wishes otherwise.
Dominic.
-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver, web, email)
diff -u dovecot-1.0.15/debian/changelog dovecot-1.0.15/debian/changelog --- dovecot-1.0.15/debian/changelog +++ dovecot-1.0.15/debian/changelog @@ -1,3 +1,14 @@ +dovecot (1:1.0.15-2.3) unstable; urgency=medium + + * Non-maintainer upload + * Urgency medium due to RC bug fix + * Fix ManageSieve security hole "virtual users can edit scripts of other + virtual users" described at + <http://dovecot.org/list/dovecot/2008-November/035259.html> + (closes: #506031) + + -- Dominic Hargreaves <[EMAIL PROTECTED]> Wed, 19 Nov 2008 18:11:36 +0000 + dovecot (1:1.0.15-2.2) unstable; urgency=medium * Non-maintainer upload diff -u dovecot-1.0.15/debian/patches/00list dovecot-1.0.15/debian/patches/00list --- dovecot-1.0.15/debian/patches/00list +++ dovecot-1.0.15/debian/patches/00list @@ -1,4 +1,5 @@ dovecot-MANAGESIEVE-9.3 +dovecot-1.0.15-managesieve-v9.3-security dovecot-example dovecot-sql dovecot-drac only in patch2: unchanged: --- dovecot-1.0.15.orig/debian/patches/dovecot-1.0.15-managesieve-v9.3-security.dpatch +++ dovecot-1.0.15/debian/patches/dovecot-1.0.15-managesieve-v9.3-security.dpatch 
@@ -0,0 +1,43 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## dovecot-1.0.15-managesieve-v9.3-security.dpatch by +## Stephan Bosch <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fix security hole in managesieve: virtual users can edit scripts +## DP: of other virtual users + [EMAIL PROTECTED]@ +diff -uNr --exclude=.hg dovecot-1.0.old/src/lib-sievestorage/sieve-save.c dovecot-1.0/src/lib-sievestorage/sieve-save.c +--- dovecot-1.0.old/src/lib-sievestorage/sieve-save.c 2008-11-17 16:45:54.000000000 +0100 ++++ dovecot-1.0/src/lib-sievestorage/sieve-save.c 2008-11-17 16:44:17.000000000 +0100 +@@ -154,6 +154,13 @@ + struct ostream *output; + const char *path; + ++ /* Disallow '/' characters in script name */ ++ if ( strchr(scriptname, '/') != NULL ) { ++ sieve_storage_set_error(storage, "Invalid script name '%s'.", ++ scriptname); ++ return NULL; ++ } ++ + /* Prevent overwriting the active script link when it resides in the + * sieve storage directory. + */ +diff -uNr --exclude=.hg dovecot-1.0.old/src/lib-sievestorage/sieve-script.c dovecot-1.0/src/lib-sievestorage/sieve-script.c +--- dovecot-1.0.old/src/lib-sievestorage/sieve-script.c 2008-11-17 16:45:54.000000000 +0100 ++++ dovecot-1.0/src/lib-sievestorage/sieve-script.c 2008-11-17 16:44:17.000000000 +0100 +@@ -93,6 +93,13 @@ + struct sieve_script *script; + const char *filename; + ++ /* Disallow '/' characters in script name */ ++ if ( strchr(scriptname, '/') != NULL ) { ++ sieve_storage_set_error(storage, "Invalid script name '%s'.", ++ scriptname); ++ return NULL; ++ } ++ + t_push(); + + filename = t_strconcat
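Review bot: the dpatch header in this hunk shows the separator line as `[EMAIL PROTECTED]@` rather than the literal `@DPATCH@` marker that `dpatch-run` expects; this is almost certainly list-archive address obfuscation of the `+@DPATCH@` line, but it is worth confirming that the file actually committed to `debian/patches/` carries the unmangled marker, since without it the patch body is never applied and the two checks below silently never land in the build.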
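Review bot: in the sieve-save.c hunk the new `strchr(scriptname, '/')` rejection is placed before the path is built, which is the right spot, but the identical block is pasted again into sieve-script.c; pull it into one helper (say a hypothetical `sieve_storage_verify_scriptname()` returning a bool and setting the storage error) and call it from both sites, so the rule is defined once and any later entry point that turns a client-supplied name into a filesystem path cannot omit it. While touching it, the error text `"Invalid script name '%s'."` echoes the rejected name back to the client verbatim; that is fine for ManageSieve, but the same helper would be the place to add any further restrictions (for instance on names starting with `.`) if the upstream list thread agrees they are wanted.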
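Review bot: the sieve-script.c hunk guards the function that looks a script up by name (the check returns NULL before `t_push()`, so the temporary pool is left balanced), but the patch as shown covers only this lookup and the save path; it does not show whether delete, rename and setactive resolve their script names through this same function or build the `t_strconcat` filename themselves. Please verify that every operation taking a script name from the client reaches one of the two guarded functions; if any of them concatenates the name into a path independently, the traversal described in the changelog remains reachable through that operation and the fix is incomplete.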