Candidate: CVE-2013-2111
PublicDate: 2014-05-27 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2111
 http://www.openwall.com/lists/oss-security/2013/05/24/1
 http://www.openwall.com/lists/oss-security/2013/05/22/8
Description:
 The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to
 cause a denial of service (infinite loop and CPU consumption) via invalid
 APPEND parameters.
Ubuntu-Description:
Notes:
 seth-arnold> "low" because after authentication a user can cause their own process
  to spin; there are per-(user,IP) connection limits to limit the slowdown.
 mdeslaur> only seems to affect 2.2.x
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_dovecot:
 upstream: http://hg.dovecot.org/dovecot-2.2/rev/ea0390e1789f
upstream_dovecot: released (2.2.2)
lucid_dovecot: not-affected
precise_dovecot: not-affected
quantal_dovecot: not-affected
raring_dovecot: ignored (reached end-of-life)
saucy_dovecot: not-affected (1:2.1.7-7ubuntu3)
trusty_dovecot: not-affected (1:2.2.9-1ubuntu2)
trusty/esm_dovecot: not-affected (1:2.2.9-1ubuntu2)
devel_dovecot: not-affected (1:2.2.9-1ubuntu2)