We are pleased to release Dovecot release v18.104.22.168
Tarball is available at
Binary packages are available at https://repo.dovecot.org/
- CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.