similar to: Dovecot release v2.3.7.2

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Hi! We are pleased to release Pigeonhole release v0.4.24.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This fixes garbage I'm seeing consistently from readlink /dev/disk/by-uuid/..... during boot. Signed-off-by: Rafi Rubin <rafi at seas.upenn.edu> - --- usr/utils/readlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/usr/utils/readlink.c b/usr/utils/readlink.c index 5ea4e41..75a0735 100644 - ---

Hi Aki , I need to Sieve to match the message headers TO, CC, BCC against a list of email addresses. If it gets a match, I want Sieve to set the x-original-to header to that email address (I think I can do that with Sieve extension). Is this doable? Thanks,David. On Tuesday, 27 October 2020, 10:47:02 pm NZDT, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: imap proxy is a

Hi Aki, Thanks. I didn't know that about imapc - but by the way, I finally got it working. The reason why I am inserting Dovecot between my (single) client and our Exchange server (eventually - I am still testing against imap.gmail.com)? is to that I can manipulate the email with Sieve due to limitations of my client (Genesys). Give the above scenario, should I use imapc or proxy ? Thanks for

I have solved the port problem by specifying it in the passdb section as userdb_imapc_port=993 But:This is in the error log when I make a connection from the client: Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file settingOct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling

xxxx at imapproxy01:/etc/dovecot/conf.d$ dovecot -n# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf# Pigeonhole version 0.5.7.2 ()# OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS# Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.netauth_verbose = yesdisable_plaintext_auth = noimapc_host = imap.gmail.comimapc_password = # hidden, use -P to show itimapc_port = 993imapc_ssl

imap proxy is a "dumb proxy", it will just pass everything to google & back after you've authenticated. imapc allows you to use imap sieve to some extent. I'm not sure what kind of Sieve manipulations you have in mind. Aki > On 27/10/2020 11:42 David Tildesley <davotnz at yahoo.co.nz> wrote: > > > Hi Aki, > > Thanks. I didn't know that about

You know that imapc != imap proxy. imapc is a thin client, which is a "mail storage provider" like maildir. imap proxy is when you proxy the connection somewhere. this is done with proxy_ settings in passdb. You need to specify ssl_client_ca_dir = /etc/ssl/certs to get cert verification working with imapc. it's required. Aki > On 27/10/2020 10:54 David Tildesley <davotnz

Commit-ID: 4a66f39cb53fde78c4518615382be83a9e2bff0b Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=4a66f39cb53fde78c4518615382be83a9e2bff0b Author: H. Peter Anvin <hpa at linux.intel.com> AuthorDate: Tue, 15 Apr 2014 09:27:38 -0700 Committer: H. Peter Anvin <hpa at linux.intel.com> CommitDate: Tue, 15 Apr 2014 09:27:38 -0700 readlink: Better buffer handling

I find it extremely interesting that no one has commented on the merger of Dovecot Oy and Open-Xchange AG as announced by Timo on the 19th. Is this something that was known a long time ago and I missed? OK checked the on-line archive of the mailing list, no comments there - its not my email set-up - LOL. I am usually emotionally (at least) against of open-source projects loosing their

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

I think everyone shares your concerns. But there are no rules that the outcome of this merger must get something bad, so let's see what happens. I hope that it's true what Timo said and that dovecot can evolve and get even better as it is today. Good luck guys! Regards, Adrian. On 23.03.15 15:08, Andreas Kasenides wrote: > I find it extremely interesting that no one has commented on

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18