search for: stilkerich

Can you provide p *addr? Aki On 13.12.2019 13.15, Michael Stilkerich wrote: > HI, > > and the backtrace (essentially same as before except for the line numbers moved by the code changes): > > Core was generated by `dovecot/lmtp'. [50/7...

...hat I did with my manual lmtp dialog). Michael > On 13. Dec 2019, at 11:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > Hi! > > We have released v2.3.9.1 fixing this issue. > > Thank you for your effort! > > Aki > > On 13.12.2019 12.27, Michael Stilkerich wrote: >> Hallo Aki, >> >> the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. >> >> I checked this manually an...

.... (and thats it, connection closed because of the segfault). Michael > On 11. Dec 2019, at 08:07, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > Hi! > > Can you provide a mail sample and doveconf -n please? > > Aki > >> On 11/12/2019 08:57 Michael Stilkerich via dovecot <dovecot at dovecot.org> wrote: >> >> >> Hello, >> >> since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue s...

...tware GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael Stilkerich Vendor notification: 2019-12-10 Solution date: 2019-12-12 Public disclosure: 2019-12-13 CVE reference: CVE-2019-19722 CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C) ? Vulnerability Details: Mail with group address as sender will cause a signal 11 crash in push notification d...

...tware GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael Stilkerich Vendor notification: 2019-12-10 Solution date: 2019-12-12 Public disclosure: 2019-12-13 CVE reference: CVE-2019-19722 CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C) ? Vulnerability Details: Mail with group address as sender will cause a signal 11 crash in push notification d...

...fd0) at ioloop.c:743 #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 Michael > On 13. Dec 2019, at 12:10, Michael Stilkerich <ms at mike2k.de> wrote: > > Hi Aki, > > first thanks for the quick fix. > > Unfortunately, it only resolves the issue partially. For the ?To: undisclosed-recipients:;?, it works now. For ?To: ? it still crashes (i. e. what I did with my manual lmtp dialog). > > Mi...

Hi, I'm using dovecot 2.0.13 that ships with Ubuntu 11.10. I tried setting up a shared namespace as documented in the wiki to enable the sharing of a mailbox between two users. I have a Maildir(++) directory for each user. Each user has a system account. The Maildir of each user is owned by the user's system account and group read/writable by the group mail (hence

Hi! We have released v2.3.9.1 fixing this issue. Thank you for your effort! Aki On 13.12.2019 12.27, Michael Stilkerich wrote: > Hallo Aki, > > the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. > > I checked this manually and sure enough lmtp cr...

Hello, I am using Dovecot 2.2.19 with the solr backend for full text search and experience the following issue. When I issue a search that includes characters that are part of lucene's query syntax (e.g. the double quote character), dovecot does not escape the special characters and issues a request with invalid syntax to the solr server. For example, I search for foo"bar, then

Hi, I have shared one of my mailboxes to another user providing him full rights to that mailbox. $ doveadm acl get -u user1 doc ID Global Rights user=user2 admin create delete expunge insert lookup post read write write-deleted write-seen When that user creates a new mailbox within the shared mailbox, the

Hello, since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8. The backtrace from one of the coredumps: Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from

Hi! Can you provide a mail sample and doveconf -n please? Aki > On 11/12/2019 08:57 Michael Stilkerich via dovecot <dovecot at dovecot.org> wrote: > > > Hello, > > since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a...