similar to: v2.3.5.2 released

Displaying 20 results from an estimated 20000 matches similar to: "v2.3.5.2 released"

2019 Apr 18
2
v2.3.5.2 released
Lets try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-10691: Trying to login with 8bit username containing ??? ? invalid UTF8 input causes auth process to crash if auth policy is ??? ? enabled. This could be
2019 Apr 18
2
v2.3.5.2 released
Lets try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-10691: Trying to login with 8bit username containing ??? ? invalid UTF8 input causes auth process to crash if auth policy is ??? ? enabled. This could be
2019 Mar 28
2
v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.
2019 Mar 28
2
v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.
2019 Mar 28
2
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor Fixed version: 2.3.5.1, 2.2.36.3 Vendor notification: 2019-02-05 Solution date: 2019-03-21 Public
2019 Mar 28
2
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor Fixed version: 2.3.5.1, 2.2.36.3 Vendor notification: 2019-02-05 Solution date: 2019-03-21 Public
2019 Mar 28
1
v2.2.36.3 released
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy
2019 Mar 28
1
v2.2.36.3 released
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy
2019 Mar 28
0
v2.3.5.1 released
Hi, Why didn?t you apply this patch to v2.3.5.1? commit df8addd41d87e61113de22a21a0e61506a8d74c2 Author: Stephan Bosch <stephan.bosch at dovecot.fi> Date: Tue Mar 12 03:18:33 2019 +0100 submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication. diff --git a/src/submission-login/client-authenticate.c
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2019 Feb 05
0
CVE-2019-3814: Suitable client certificate can be used to login as other user
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy
2015 Mar 23
0
Dovecot Oy merger with Open-Xchange AG
I find it extremely interesting that no one has commented on the merger of Dovecot Oy and Open-Xchange AG as announced by Timo on the 19th. Is this something that was known a long time ago and I missed? OK checked the on-line archive of the mailing list, no comments there - its not my email set-up - LOL. I am usually emotionally (at least) against of open-source projects loosing their
2015 Mar 23
1
Dovecot Oy merger with Open-Xchange AG
I think everyone shares your concerns. But there are no rules that the outcome of this merger must get something bad, so let's see what happens. I hope that it's true what Timo said and that dovecot can evolve and get even better as it is today. Good luck guys! Regards, Adrian. On 23.03.15 15:08, Andreas Kasenides wrote: > I find it extremely interesting that no one has commented on
2019 Mar 28
1
CVE-2019-7524 backport patch for 2.2.33.2
Hello Aki, I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync cluster. Therefore I've created a small patch and it seems only these two files are affected: dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c dovecot-2.2.36.3/src/plugins/fts/fts-api.c Please correct me if I have missed something. Best regards Gerald
2019 Mar 28
2
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 16:37 Kevin A. McGrail via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>
2019 Oct 09
2
Buster packages available
Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:
2019 Oct 09
2
Buster packages available
Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:
2019 Jul 12
2
Pigeonhole release v0.5.7
Hi! We are pleased to release Pigeonhole release v0.5.7. Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- + vacation: Made the subject for the automatic response message produced ?
2019 Oct 08
0
Pigeonhole v0.5.8 released
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.8.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.8.tar.gz.sig Binary packages in https://repo.dovecot.org/ Changes - Sieve may leak resources in rare cases when a redirect, vacation or report action fails to send the message. This mainly applies when Sieve is executed in IMAP context; i.e., for