Your message dated Mon, 22 Feb 2016 15:04:54 +0200 with message-id <20160222130454.gb25...@marvin.ws.skroutz.gr> and subject line Fixed in 2.2.13-12 has caused the Debian Bug report #772765, regarding dovecot-imapd: segmentation fault on tls/ssl client connect to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772765: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772765 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: dovecot-imapd Version: 1:2.2.13-11 Severity: important Hi, dovecot-imapd 1:2.2.13-11 (jessie) segfaults when an old openssl release (at least a client based on 0.9.8n [yes, I should update...]) tries to connect to it. Connecting with newer openssl versions does not result in a segfault. Here is a backtrace: (gdb) bt #0 0x00007fdfa63694f3 in SSL_accept () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #1 0x00007fdfa6c22f40 in ssl_handshake (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:480 #2 ssl_step (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:544 #3 0x00007fdfa6c228fa in ssl_proxy_flush (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:815 #4 ssl_proxy_destroy (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:823 #5 0x00007fdfa6c22a54 in ssl_handle_error (proxy=0x7fdfa8546550, ret=-1, func_name=0x7fdfa6c25a79 "SSL_accept()") at ssl-proxy-openssl.c:464 #6 0x00007fdfa6c23011 in ssl_handshake (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:482 #7 ssl_step (proxy=0x7fdfa8546550) at ssl-proxy-openssl.c:544 #8 0x00007fdfa6c1f9ca in client_connected_finish (conn=0x7fffed9b7eb0) at main.c:147 #9 0x00007fdfa695e7a3 in master_service_listen (l=0x7fdfa8540290) at master-service.c:834 #10 0x00007fdfa69b2d0f in io_loop_call_io (io=0x7fdfa85403d0) at ioloop.c:441 #11 0x00007fdfa69b3d09 in io_loop_handler_run_internal (ioloop=ioloop@entry=0x7fdfa85147b0) at ioloop-epoll.c:220 #12 0x00007fdfa69b2d79 in io_loop_handler_run (ioloop=ioloop@entry=0x7fdfa85147b0) at ioloop.c:488 #13 0x00007fdfa69b2df8 in io_loop_run (ioloop=0x7fdfa85147b0) at ioloop.c:465 #14 0x00007fdfa695ddc3 in master_service_run (service=0x7fdfa8514640, callback=callback@entry=0x7fdfa6c1fb20 <client_connected>) at master-service.c:566 #15 0x00007fdfa6c2012b in login_binary_run (binary=<optimized out>, argc=2, argv=0x7fdfa8514390) at main.c:421 #16 0x00007fdfa65aeb45 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #17 0x00007fdfa7051dea in _start () -- Sebastian
--- End Message ---
--- Begin Message ---Version: 1:2.2.13-12 Hi, This is actually CVE-2015-3420, fixed in 1:2.2.13-12 (see #783649). Regards, Apollon
--- End Message ---
