Dovecot news - Mar 2019 - v2.2.36.3 released

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig

??? * CVE-2019-7524: Missing input buffer size validation leads into
????? arbitrary buffer overflow when reading fts or pop3 uidl header
????? from Dovecot index. Exploiting this requires direct write access to
????? the index files.

---
Aki Tuomi
Open-Xchange oy

On 28.3.2019 13.41, Aki Tuomi via dovecot wrote:
> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
>
> ??? * CVE-2019-7524: Missing input buffer size validation leads into
> ????? arbitrary buffer overflow when reading fts or pop3 uidl header
> ????? from Dovecot index. Exploiting this requires direct write access to
> ????? the index files.
>
> ---
> Aki Tuomi
> Open-Xchange oy
>
Small mistake in the URLs, please use these.

https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig

Aki



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL:
<https://dovecot.org/pipermail/dovecot-news/attachments/20190328/e8e24fd5/attachment.sig>