Displaying 20 results from an estimated 20000 matches similar to: "v2.3.5.2 released"
2019 Apr 18
2
v2.3.5.2 released
Let's try again, put wrong changelog to the mail. Sorry about this.
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig
Binary packages in https://repo.dovecot.org/
* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be
2019 Mar 28
2
v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
* CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index. Exploiting this requires direct write access to
  the index files.
2019 Mar 28
2
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-2964 (Bug ID)
Vulnerability type: CWE-120
Vulnerable version: 2.0.14 - 2.3.5
Vulnerable component: fts, pop3-uidl-plugin
Report confidence: Confirmed
Researcher credits: Found in internal testing
Solution status: Fixed by Vendor
Fixed version: 2.3.5.1, 2.2.36.3
Vendor notification: 2019-02-05
Solution date: 2019-03-21
Public
2019 Mar 28
1
v2.2.36.3 released
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
* CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index. Exploiting this requires direct write access to
  the index files.
---
Aki Tuomi
Open-Xchange oy
2019 Mar 28
0
v2.3.5.1 released
Hi,
Why didn't you apply this patch to v2.3.5.1?
commit df8addd41d87e61113de22a21a0e61506a8d74c2
Author: Stephan Bosch <stephan.bosch at dovecot.fi>
Date: Tue Mar 12 03:18:33 2019 +0100
submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication.
diff --git a/src/submission-login/client-authenticate.c
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne.
You can find binary packages at https://repo.dovecot.org/
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
Open-Xchange Security Advisory 2019-04-18
2019 Feb 05
0
CVE-2019-3814: Suitable client certificate can be used to login as other user
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached,
or download new version from https://dovecot.org
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
2015 Mar 23
0
Dovecot Oy merger with Open-Xchange AG
I find it extremely interesting that no one has commented on the merger
of Dovecot Oy and Open-Xchange AG as announced by Timo on the 19th. Is
this something that was known a long time ago and I missed? OK checked
the on-line archive of the mailing list, no comments there - it's not my
email set-up - LOL.
I am usually emotionally (at least) against open-source projects
losing their
2015 Mar 23
1
Dovecot Oy merger with Open-Xchange AG
I think everyone shares your concerns. But there are no rules that the
outcome of this merger must get something bad, so let's see what
happens. I hope that it's true what Timo said and that dovecot can
evolve and get even better than it is today. Good luck guys!
Regards, Adrian.
On 23.03.15 15:08, Andreas Kasenides wrote:
> I find it extremely interesting that no one has commented on
2019 Mar 28
1
CVE-2019-7524 backport patch for 2.2.33.2
Hello Aki,
I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync cluster.
Therefore I've created a small patch and it seems only these two files are affected:
dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c
dovecot-2.2.36.3/src/plugins/fts/fts-api.c
Please correct me if I have missed something.
Best regards
Gerald
2019 Mar 28
2
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 28 March 2019 16:37 Kevin A. McGrail via dovecot <dovecot@dovecot.org> wrote:
2019 Oct 09
2
Buster packages available
Hi!
We have now buster packages available starting from 2.3.8. You can find
them from https://repo.dovecot.org/
In related news, we are planning on dropping packages for Debian Jessie,
Ubuntu 18 and CentOS6 starting from 2.3.9.
---
Aki Tuomi
Open-Xchange oy
2019 Jul 12
2
Pigeonhole release v0.5.7
Hi!
We are pleased to release Pigeonhole release v0.5.7.
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
-------
+ vacation: Made the subject for the automatic response message produced
2019 Oct 08
0
Pigeonhole v0.5.8 released
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.8.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.8.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Changes
- Sieve may leak resources in rare cases when a redirect, vacation or
report action fails to send the message. This mainly applies when Sieve
is executed in IMAP context; i.e., for