similar to: Dovecot v2.2.36.1 released

for some reason Aki's posts are not making it to my GMail account from this list. Any idea why? On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote: > Thank you! > On 2/5/2019 8:43 AM, Aki Tuomi wrote: > > Hi, > > as per our EOL statement 2.2.36 receives security and critical updates. > That said, we decided to flush few annoying bugs

Thank you! On 2/5/2019 8:43 AM, Aki Tuomi wrote: > Hi, > > as per our EOL statement 2.2.36 receives security and critical > updates. That said, we decided to flush few annoying bugs with .1 > release. > > You do not need to build releases for 2.2. > > Aki >> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com >> <mailto:ebroch at

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Hi, </div> <div> <br> </div> <div> as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release. </div> <div> <br>

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

Hi, Here is the associated release for Pigeonhole: https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig Binary packages included in https://repo.dovecot.org/ + imapsieve: Added imapsieve_expunge_discarded setting which causes discarded messages to be expunged

Aki, What's the difference between 2.2.x and 2.3.x version of Dovecot? And why do you maintain both? I stopped building RPM's of the 2.2.x version and now only build 2.3.x. Should I be maintaining both? Eric On 2/5/2019 6:01 AM, Aki Tuomi wrote: > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > >

Hi, Here is the associated release for Pigeonhole: https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig Binary packages included in https://repo.dovecot.org/ + imapsieve: Added imapsieve_expunge_discarded setting which causes discarded messages to be expunged

On 2019-02-05 13:07, Stephan Bosch via dovecot wrote: > Hi, > > Here is the associated release for Pigeonhole: > > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig > Binary packages included in https://repo.dovecot.org/ > > + imapsieve: Added

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If

Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some

Hello Aki, > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > > - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT is this in any way related to the problem that has first been reported in march last year: "Duplicate mails on pop3 expunge with dsync replication on 2.2.35

On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > Due to DMARC issues some people have failed to receive the latest security > information, so here it is repeated for both releases: > > 2.3.4.1 > > https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig >

On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > Due to DMARC issues some people have failed to receive the latest security > information, so here it is repeated for both releases: > > 2.3.4.1 > > https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig >

Oh, so manual compile should NOT work and it's okay or am I missing something? On Tue, 5 Feb 2019 at 23:26, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > On Tue, Feb 05, 2019 at 11:18:45PM +0300, Odhiambo Washington via dovecot > wrote: > > On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org> > > wrote: > > > > > Due to

Oh, so manual compile should NOT work and it's okay or am I missing something? On Tue, 5 Feb 2019 at 23:26, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > On Tue, Feb 05, 2019 at 11:18:45PM +0300, Odhiambo Washington via dovecot > wrote: > > On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org> > > wrote: > > > > > Due to

I have always been able to compile manually, even from RCs so I believe I should be able to compile from the tarball as well. Something is broken, On Tue, 5 Feb 2019 at 23:29, Larry Rosenman <larryrtx at gmail.com> wrote: > pull the patches from the port..... > > > On Tue, Feb 5, 2019 at 2:28 PM Odhiambo Washington via dovecot < > dovecot at dovecot.org> wrote: >