From 522e698890c59f8f2218949296ee64abeea16dd0 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Thu, 26 Nov 2009 11:34:09 +0300
Subject: [PATCH 1/3] mail/dovecot: VuXML entry for CVE-2009-3897

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 security/vuxml/vuln.xml |   32 ++++++++++++++++++++++++++++++++
 1 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index cb372f0..beccc9b 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -35,6 +35,38 @@ Note:  Please add new entries to the beginning of this file.
 -->
 
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="aed75f0c-da64-11de-954e-0022156e8794">
+    <topic>Dovecot -- insecure directories created at installation time</topic>
+    <affects>
+      <package>
+        <name>dovecot</name>
+        <range><gt>1.2.0</gt><lt>1.2.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Dovecot maintainers report:</p>
+        <blockquote
+          cite="http://dovecot.org/list/dovecot-news/2009-November/000143.html">
+          <p>This (release 1.2.8) is mainly to fix the 0777 base_dir
+          creation issue, which could be considered a security hole,
+          exploitable by local users. An attacker could for example
+          replace Dovecot's auth socket and log in as other users.
+          Gaining root privileges isn't possible though.</p>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <bid>37084</bid>
+      <cvename>CVE-2009-3897</cvename>
+      <url>http://dovecot.org/list/dovecot-news/2009-November/000143.html</url>
+    </references>
+    <dates>
+      <discovery>2009-25-11</discovery>
+      <entry>TODAY</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="92ca92c1-d859-11de-89f9-001517351c22">
     <topic>bugzilla -- information leak</topic>
     <affects>
-- 
1.6.5.3