forums.meulie.net

[Dovecot-news] v2.2.36.3 released

#1

https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig

  • CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.

Aki Tuomi
Open-Xchange oy


Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

0 Likes