We are pleased to release v2.3.10.1. Please find it from locations below:

https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot

Aki Tuomi
Open-Xchange oy

---

- CVE-2020-10957: lmtp/submission: A client can crash the server by
  sending a NOOP command with an invalid string parameter. This occurs
  particularly for a parameter that doesn't start with a double quote.
  This applies to all SMTP services, including submission-login, which
  makes it possible to crash the submission service without
  authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
  commands can cause the server to access freed memory, which can lead
  to a server crash. This happens when the server closes the connection
  with a "421 Too many invalid commands" error. The bad command limit
  depends on the service (lmtp or submission) and varies between 10 to
  20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.

On 2020-05-18 13:03, Aki Tuomi wrote:
> We are pleased to release v2.3.10.1. Please find it from locations
> below:
>
> https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz.sig
> Binary packages in https://repo.dovecot.org/
> Docker images in https://hub.docker.com/r/dovecot/dovecot

Those binary packages and docker images are only available for the AMD
64 processor architecture.

I am currently running Dovecot on a Debian Buster machine with an Arm 64
processor (ARMv8). Is there any possibility that you could make builds
for that architecture available?

Alternatively, could you publish the build configuration for your Debian
packages or docker images? I can't find any packaging information in
your github repo.

Thanks.

--
David Pottage

> On 20/05/2020 16:13 David Pottage <david at electric-spoon.com> wrote:
>
>
> On 2020-05-18 13:03, Aki Tuomi wrote:
> > We are pleased to release v2.3.10.1. Please find it from locations
> > below:
> >
> > https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz
> > https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz.sig
> > Binary packages in https://repo.dovecot.org/
> > Docker images in https://hub.docker.com/r/dovecot/dovecot
>
> Those binary packages and docker images are only available for the AMD
> 64 processor architecture.
>
> I am currently running Dovecot on a Debian Buster machine with an Arm 64
> processor (ARMv8). Is there any possibility that you could make builds
> for that architecture available?
>
> Alternatively, could you publish the build configuration for your Debian
> packages or docker images? I can't find any packaging information in
> your github repo.
>
> Thanks.
>
> --
> David Pottage

Hi David,

We are not currently able to produce ARM packages, and it's not really a
thing for us, *but*, you can find all packaging files from
repo.dovecot.org:

https://repo.dovecot.org/ce-2.3-latest/debian/buster/pool/main/2.3.10.1-3_ce/

Sources:
https://repo.dovecot.org/ce-2.3-latest/debian/buster/pool/main/2.3.10.1-3_ce/dovecot_2.3.10.1.orig.tar.gz

Packaging files:
https://repo.dovecot.org/ce-2.3-latest/debian/buster/pool/main/2.3.10.1-3_ce/dovecot_2.3.10.1-3%2Bdebian10.debian.tar.xz

plus similar for pigeonhole + imaptest in same directory.

and src.rpm files too:
https://repo.dovecot.org/ce-2.3-latest/centos/7/SRPMS/2.3.10.1-3_ce/

Aki Tuomi