[VIM] Dovecot 'LIST' Command Denial of Service Vulnerability

Dinesh Theerthagiri Dinesh_Theerthagiri at symantec.com
Thu Aug 15 04:13:55 CDT 2013


Henri and George, 

We looked at Timo's reply http://openwall.com/lists/oss-security/2013/08/14/6 , it don't have security impact.
On this confirmation we have retired BID 61763. 

Thanks for Henri and George for correcting us. 


-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Henri Salo
Sent: 15 August 2013 10:46
To: Vulnerability Information Managers
Subject: Re: [VIM] Dovecot 'LIST' Command Denial of Service Vulnerability

On Wed, Aug 14, 2013 at 11:25:18AM -0700, Dinesh Theerthagiri wrote:
> You are right BID 61763 has a wrong CVE number (CVE-2013-2111). Now we corrected by removing the CVE number. 
> 
> We consider 'LIST' command as DOS vulnerability because of below reference:
> http://www.dovecot.org/list/dovecot-news/2013-August/000261.html
> 
> Thanks,
> T.Dinesh

Please see Timo's reply in oss-security http://openwall.com/lists/oss-security/2013/08/14/6

I don't think this requires CVE or other security vulnerability handling.

---
Henri Salo


More information about the VIM mailing list