On 03/12/2016 12:08, Jeremiah C. Foster wrote:> On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > 4be960cff13 > a5a725ae and > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d > 57351fd42c6 > 7a8612fc > > Important vulnerability in Dovecot (CVE-2016-8562) > Are you sure about the CVE number? According to Debian [1 [1]] and > mitre [2 [2]], it's > for SIEMENS something, not Dovecot. > > best regards, > Jonas Wielicki > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > 2Ups, sent wrong number, correct is CVE-2016-8652. That is the same number, no? No, read it again. the wrong and pasted copie are 8 5 62, his revised is 8 6 52 -- Kind Regard, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [3] and ODF [4] documents accepted, please do not send proprietary formatted documents Links: ------ [1] https://security-tracker.debian.org/tracker/CVE-2016-8562 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 [3] http://www.adobe.com/ [4] http://en.wikipedia.org/wiki/OpenDocument
On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:> On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > have a bug in dovecot, which > > merits a > > CVE. See details below. If you haven't configured any > > auth_policy_* > > settings you are ok. This is fixed with > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > > 4be960cff13 > > a5a725ae and > > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d > > 57351fd42c6 > > 7a8612fc > > > > Important vulnerability in Dovecot (CVE-2016-8562)? > > Are you sure about the CVE number? According to Debian [1 [1]] and > > mitre [2 [2]], it's? > > for SIEMENS something, not Dovecot. > > > > best regards, > > Jonas Wielicki > > > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > > 2 > > Ups, sent wrong number, correct is CVE-2016-8652.? > That is the same number, no?? > > No, read it again. the wrong and pasted copie are 8 5 62, his revised > is > 8 6 52?Ah, thank you. So I guess the CVE is then here: https://cve.mitre.org/c gi-bin/cvename.cgi?name=CVE-2016-8652 but this doesn't provide a whole lot more information yet. Cheers, Jeremiah
> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > > have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings you are ok. This is fixed with > > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > > > 4be960cff13 > > > a5a725ae and > > > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d > > > 57351fd42c6 > > > 7a8612fc > > > > > > Important vulnerability in Dovecot (CVE-2016-8562) > > > Are you sure about the CVE number? According to Debian [1 [1]] and > > > mitre [2 [2]], it's > > > for SIEMENS something, not Dovecot. > > > > > > best regards, > > > Jonas Wielicki > > > > > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > > > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > > > 2 > > > > Ups, sent wrong number, correct is CVE-2016-8652. > > That is the same number, no? > > > > No, read it again. the wrong and pasted copie are 8 5 62, his revised > > is > > 8 6 52 > > Ah, thank you. So I guess the CVE is then here: https://cve.mitre.org/c > gi-bin/cvename.cgi?name=CVE-2016-8652 but this doesn't provide a whole > lot more information yet. > > Cheers, > > JeremiahHi! What piece of information are you missing? Aki