Hello Aki, I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync cluster. Therefore I've created a small patch and it seems only these two files are affected: dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c dovecot-2.2.36.3/src/plugins/fts/fts-api.c Please correct me if I have missed something. Best regards Gerald -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-CVE-2019-7524-2.2.36-1-3.patch Type: application/octet-stream Size: 1217 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20190328/e012c578/attachment.obj>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 28 March 2019 17:11 Gerald Galster via dovecot <
<a
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Hello Aki,
</div>
<div>
<br>
</div>
<div>
I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after
pop3 deletion on a two node dsync cluster.
</div>
<div>
<br>
</div>
<div>
Therefore I've created a small patch and it seems only these two files
are affected:
</div>
<div>
<br>
</div>
<div>
dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c
</div>
<div>
dovecot-2.2.36.3/src/plugins/fts/fts-api.c
</div>
<div>
<br>
</div>
<div>
Please correct me if I have missed something.
</div>
<div>
<br>
</div>
<div>
Best regards
</div>
<div>
Gerald
</div>
</blockquote>
<div>
<br>
</div>
<div>
Seems to be correct, yes.
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>
Reasonably Related Threads
- CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
- CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
- v2.2.36.3 released
- v2.2.36.3 released
- Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files