forums.meulie.net

[Dovecot-news] Pigeonhole release v0.5.7.2

Hi!

We are pleased to release Pigeonhole release v0.5.7.2

Tarball is available at

https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig

Binary packages are available at https://repo.dovecot.org/

Changes

  • CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

Aki Tuomi
Open-Xchange oy


Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news