Candidate: CVE-2008-4907
PublicDate: 2008-11-04 00:58:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907
 https://ubuntu.com/security/notices/USN-666-1
Description:
 The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the
 FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause
 a denial of service (persistent crash) via an email with a malformed From
 address, which triggers an assertion error, aka "invalid message address
 parsing bug."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/290901
Priority: medium
Discovered-by:
Assigned-to: mathiaz
CVSS: 

Patches_dovecot:
upstream_dovecot: released (1.1.6)
dapper_dovecot: not-affected (1.1.4 and 1.1.5 only)
gutsy_dovecot: not-affected (1.1.4 and 1.1.5 only)
hardy_dovecot: not-affected (1.1.4 and 1.1.5 only)
intrepid_dovecot: released (1:1.1.4-0ubuntu1.2)
devel_dovecot: not-affected (1:1.1.4-0ubuntu1.2)