PublicDate: 2008-03-06 21:44:00 UTC
Candidate: CVE-2008-1199
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199
 https://ubuntu.com/security/notices/USN-593-1
Description:
 Dovecot before 1.0.11, when configured to use mail_extra_groups to allow
 Dovecot to create dotlocks in /var/mail, might allow local users to read
 sensitive mail files for other users, or modify files or directories that
 are writable by group, via a symlink attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_dovecot:
upstream_dovecot: released (1.0.11)
dapper_dovecot: released (1.0.beta3-3ubuntu5.6)
edgy_dovecot: released (1.0.rc2-1ubuntu2.3)
feisty_dovecot: released (1.0.rc17-1ubuntu2.3)
gutsy_dovecot: released (1:1.0.5-1ubuntu2.2)
devel_dovecot: released (1:1.0.10-1ubuntu3)