Source: dovecot Version: 1:2.2.13-11 Severity: important Tags: security upstream patch fixed-upstream
Hi, the following vulnerability was published for dovecot. CVE-2015-3420[0]: SSL/TLS handshake failures leading to a crash of the login process The segfault is easy reproducible if one takes openssl/1.0.2-1 from experimental. More information and reproducer steps are in [1,2] If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3420 [1] http://dovecot.org/pipermail/dovecot/2015-April/100618.html [2] http://dovecot.org/pipermail/dovecot/2015-April/100579.html [3] http://hg.dovecot.org/dovecot-2.2/rev/86f535375750 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
