The reason the bug was closed the second time is that a changelog mentioned this bug number again after this bug was reopened:
* Dropped:
- debian/patches/fix-message-parser.dpatch: Parsing an invalid message
address like "From: (" caused an assert-crash. (LP: #290901).
(CVE-2008-4907 - fixed in 1.1.6)
- debian/patches/login-max-process-count-warning.dpatch: Tell the user
that they have reached the maximum number of processes count.
(LP: #189616) - Different implementation from upstream.
- debian/patches/fix-dovecot-sieve.dpatch: Fixes assertion error
when a header string ends with a LF (LP: #264306). Implemented upstream.
So it seems that the upstream patch provided for the first issue isn't enough.
Matt, I've tried to process the three mbox files you've attached to this bug. Both the 1st and 3rd one don't produce any errors.
However the 2nd one produces the following error: dovecot/ deliver [0x7f06f76ebab2] -> /usr/lib/ dovecot/ deliver( default_ fatal_handler+ 0x37) [0x7f06f76ebbc7] -> /usr/lib/ dovecot/ deliver [0x7f06f76eb1e8] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so [0x7f06f6cb0170] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so [0x7f06f6cba387] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so(sieve_ eval_bc+ 0x47d) [0x7f06f6cbb4ad] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so(sieve_ execute_ bytecode+ 0xf6) [0x7f06f6cc1116] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so(cmu_ sieve_run+ 0x318) [0x7f06f6cb1188] -> /usr/lib/ dovecot/ modules/ lda/lib90_ cmusieve_ plugin. so [0x7f06f6caf0eb] -> /usr/lib/ dovecot/ deliver( main+0x1032) [0x7f06f76803a2] -> /lib/libc. so.6(__ libc_start_ main+0xe6) [0x7f06f6ee95a6] -> /usr/lib/ dovecot/ deliver [0x7f06f767dfb9]
deliver(mathiaz): Apr 18 14:57:53 Panic: file sieve-cmu.c: line 90 (unfold_header): assertion failed: (str[i] == ' ' || str[i] == '\t')
deliver(mathiaz): Apr 18 14:57:53 Error: Raw backtrace: /usr/lib/
The reason the bug was closed the second time is that a changelog mentioned this bug number again after this bug was reopened:
* Dropped: patches/ fix-message- parser. dpatch: Parsing an invalid message CVE-2008- 4907 - fixed in 1.1.6) patches/ login-max- process- count-warning. dpatch: Tell the user patches/ fix-dovecot- sieve.dpatch: Fixes assertion error
- debian/
address like "From: (" caused an assert-crash. (LP: #290901).
(
- debian/
that they have reached the maximum number of processes count.
(LP: #189616) - Different implementation from upstream.
- debian/
when a header string ends with a LF (LP: #264306). Implemented upstream.
So it seems that the upstream patch provided for the first issue isn't enough.