similar to: Dovecot lifecycle announcement

for some reason Aki's posts are not making it to my GMail account from this list. Any idea why? On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote: > Thank you! > On 2/5/2019 8:43 AM, Aki Tuomi wrote: > > Hi, > > as per our EOL statement 2.2.36 receives security and critical updates. > That said, we decided to flush few annoying bugs

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Hi, </div> <div> <br> </div> <div> as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release. </div> <div> <br>

Thank you! On 2/5/2019 8:43 AM, Aki Tuomi wrote: > Hi, > > as per our EOL statement 2.2.36 receives security and critical > updates. That said, we decided to flush few annoying bugs with .1 > release. > > You do not need to build releases for 2.2. > > Aki >> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com >> <mailto:ebroch at

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

I find it extremely interesting that no one has commented on the merger of Dovecot Oy and Open-Xchange AG as announced by Timo on the 19th. Is this something that was known a long time ago and I missed? OK checked the on-line archive of the mailing list, no comments there - its not my email set-up - LOL. I am usually emotionally (at least) against of open-source projects loosing their

I think everyone shares your concerns. But there are no rules that the outcome of this merger must get something bad, so let's see what happens. I hope that it's true what Timo said and that dovecot can evolve and get even better as it is today. Good luck guys! Regards, Adrian. On 23.03.15 15:08, Andreas Kasenides wrote: > I find it extremely interesting that no one has commented on

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

Hi all! We are pleased to release v0.5.19 of Pigeonhole. This release is done to maintain parity with dovecot 2.3.19 release, so it does not contain any news-worthy changes. https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.18.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.18.tar.gz Binary packages in https://repo.dovecot.org/ Docker images in

Hi all! We are pleased to release v0.5.19 of Pigeonhole. This release is done to maintain parity with dovecot 2.3.19 release, so it does not contain any news-worthy changes. https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.18.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.18.tar.gz Binary packages in https://repo.dovecot.org/ Docker images in

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy

We are pleased to release v2.3.9.2 of Dovecot. Please find it from locations below https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot --- - Mails with empty From/To headers can also cause crash in push notification drivers. ---

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy

We are pleased to release v2.3.9.2 of Dovecot. Please find it from locations below https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot --- - Mails with empty From/To headers can also cause crash in push notification drivers. ---

https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.

https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.

Aki, What's the difference between 2.2.x and 2.3.x version of Dovecot? And why do you maintain both? I stopped building RPM's of the 2.2.x version and now only build 2.3.x. Should I be maintaining both? Eric On 2/5/2019 6:01 AM, Aki Tuomi wrote: > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > >

We are pleased to release first release candidate for v0.5.14. We have done changes to packaging so please give us any feedback on how it works. https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.17.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.17.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in