forums.meulie.net

[Dovecot-news] v2.3.5.2 released

#1

https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig
Binary packages in https://repo.dovecot.org/

  • CVE-2019-7524: Missing input buffer size validation leads into
    arbitrary buffer overflow when reading fts or pop3 uidl header
    from Dovecot index. Exploiting this requires direct write access to
    the index files.

Aki Tuomi
Open-Xchange oy


Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news