forums.meulie.net

[Dovecot-news] v2.3.5.2 released - correction

#1

Lets try again, put wrong changelog to the mail. Sorry about this.

https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig
Binary packages in https://repo.dovecot.org/

* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.

Aki Tuomi
Open-Xchange oy


Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news