We are pleased to release v2.3.9.3 of Dovecot. Please find it from locations below https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot --- v2.3.9.3 2019-02-12? Aki Tuomi <aki.tuomi at open-xchange.com> ??? * CVE-2020-7046: Truncated UTF-8 can be used to DoS ????? submission-login and lmtp processes. ??? * CVE-2020-7957: Specially crafted mail can crash snippet generation. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20200212/bb236153/attachment.sig>
# wget https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz --2020-02-12 05:09:26-- https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz Resolving dovecot.org (dovecot.org)... 94.237.12.234, 2a04:3545:1000:720:acc1:5bff:fe5e:4e9 Connecting to dovecot.org (dovecot.org)|94.237.12.234|:443... connected. HTTP request sent, awaiting response... 403 Forbidden 2020-02-12 05:09:26 ERROR 403: Forbidden. -- Best regards, Martynas Bendorius> On 2020-02-12, at 14:04, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > We are pleased to release v2.3.9.3 of Dovecot. Please find it from > locations below > > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig > Binary packages in https://repo.dovecot.org/ > Docker images in https://hub.docker.com/r/dovecot/dovecot > > --- > > v2.3.9.3 2019-02-12 Aki Tuomi <aki.tuomi at open-xchange.com> > > * CVE-2020-7046: Truncated UTF-8 can be used to DoS > submission-login and lmtp processes. > * CVE-2020-7957: Specially crafted mail can crash snippet generation. > > >
> On 12/02/2020 14:10 Martynas Bendorius <martynas at martynas.it> wrote: > > > # wget https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz > --2020-02-12 05:09:26-- https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz > Resolving dovecot.org (dovecot.org)... 94.237.12.234, 2a04:3545:1000:720:acc1:5bff:fe5e:4e9 > Connecting to dovecot.org (dovecot.org)|94.237.12.234|:443... connected. > HTTP request sent, awaiting response... 403 Forbidden > 2020-02-12 05:09:26 ERROR 403: Forbidden. > > -- > Best regards, > Martynas Bendorius > > > > On 2020-02-12, at 14:04, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > We are pleased to release v2.3.9.3 of Dovecot. Please find it from > > locations below > > > > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz > > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig > > Binary packages in https://repo.dovecot.org/ > > Docker images in https://hub.docker.com/r/dovecot/dovecot > > > > --- > > > > v2.3.9.3 2019-02-12 Aki Tuomi <aki.tuomi at open-xchange.com> > > > > * CVE-2020-7046: Truncated UTF-8 can be used to DoS > > submission-login and lmtp processes. > > * CVE-2020-7957: Specially crafted mail can crash snippet generation. > > > > > >Thanks for reporting this, it has been fixed! Sorry! Aki