dovecot: remote DoS via an incomplete SSL/TLS handshake (CVE-2014-3430)
Dovecot 1.1 before 2.2.13 and dovecot-ee before 188.8.131.52 and 2.2.x before 184.108.40.206 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
•MLIST:[Dovecot-news] 20140511 v2.2.13 released
•MLIST:[dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+
•MLIST:[oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+
•MLIST:[oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+
(from redmine: issue id 2956, created on 2014-05-23, closed on 2014-06-10)