thr3ads.net - Dovecot news - [Dovecot-news] v2.2.36.3 released [Mar 2019]

If this information is useful, please help other people find it:
Share via:

Aki Tuomi

2019-Mar-28 11:41 UTC

[Dovecot-news] v2.2.36.3 released

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig

??? * CVE-2019-7524: Missing input buffer size validation leads into
????? arbitrary buffer overflow when reading fts or pop3 uidl header
????? from Dovecot index. Exploiting this requires direct write access to
????? the index files.

---
Aki Tuomi
Open-Xchange oy

Aki Tuomi

2019-Mar-28 12:45 UTC

head link

[Dovecot-news] v2.2.36.3 released

On 28.3.2019 13.41, Aki Tuomi via dovecot wrote:> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
>
> ??? * CVE-2019-7524: Missing input buffer size validation leads into
> ????? arbitrary buffer overflow when reading fts or pop3 uidl header
> ????? from Dovecot index. Exploiting this requires direct write access to
> ????? the index files.
>
> ---
> Aki Tuomi
> Open-Xchange oy
>Small mistake in the URLs, please use these.

https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig

Aki



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL:
<https://dovecot.org/pipermail/dovecot-news/attachments/20190328/e8e24fd5/attachment.sig>

Seemingly Similar Threads

Search for more reasonably related threads

Dovecot news - Mar 2019 - v2.2.36.3 released

[Dovecot-news] v2.2.36.3 released

[Dovecot-news] v2.2.36.3 released

Seemingly Similar Threads