Hi! We are pleased to release Pigeonhole release v0.4.24.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to out of bounds heap ? memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20190828/6748291f/attachment.sig>
Aki Tuomi, 28.08.19, 14:06 CEST:> Tarball is available at > > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sigOn https://pigeonhole.dovecot.org/download.html the link to the pigeonhole sources points to <https://pigeonhole.dovecot.org/releases/2.2.42.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz> which (obviously) doesn't work. -- Regards mks
On 28.8.2019 22.07, Markus Sch?nhaber via dovecot wrote:> Aki Tuomi, 28.08.19, 14:06 CEST: > >> Tarball is available at >> >> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz >> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig > On > https://pigeonhole.dovecot.org/download.html > the link to the pigeonhole sources points to > <https://pigeonhole.dovecot.org/releases/2.2.42.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz> > which (obviously) doesn't work. >Seems to be correct now. Aki