From 14f8a374c5526755418155cc3084f3c4bbd5897a Mon Sep 17 00:00:00 2001
From: Aldas Nabazas <aldas@opensde.net>
Date: Fri, 14 Mar 2008 11:03:33 +0100
Subject: [PATCH] [dovecot] Updated (1.0.10 -> 1.0.13) : SECURITY - HIGH

CVE-2008-1199 (Medium) :
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create
dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify
files or directories that are writable by group, via a symlink attack.

CVE-2008-1218 (Medium) :
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using
blocking passdbs, allows remote attackers to bypass the password check via a password
containing TAB characters, which are treated as argument delimiters that enable the
skip_password_check field to be specified.
---
 mail/dovecot/dovecot.desc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mail/dovecot/dovecot.desc b/mail/dovecot/dovecot.desc
index 4a518c78e..04b57e4e9 100644
--- a/mail/dovecot/dovecot.desc
+++ b/mail/dovecot/dovecot.desc
@@ -33,9 +33,9 @@
 
 [L] GPL
 [S] Stable
-[V] 1.0.10
+[V] 1.0.13
 [P] X -----5---9 194.300
 
 [CV-URL] http://www.dovecot.org/download.html
 
-[D] 2673598774 dovecot-1.0.10.tar.gz http://dovecot.org/releases/1.0/
+[D] 3030217544 dovecot-1.0.13.tar.gz http://dovecot.org/releases/1.0/