similar to: Dovecot release v2.2.36.4

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to

Hi! We are pleased to release Pigeonhole release v0.4.24.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This fixes garbage I'm seeing consistently from readlink /dev/disk/by-uuid/..... during boot. Signed-off-by: Rafi Rubin <rafi at seas.upenn.edu> - --- usr/utils/readlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/usr/utils/readlink.c b/usr/utils/readlink.c index 5ea4e41..75a0735 100644 - ---

Commit-ID: 4a66f39cb53fde78c4518615382be83a9e2bff0b Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=4a66f39cb53fde78c4518615382be83a9e2bff0b Author: H. Peter Anvin <hpa at linux.intel.com> AuthorDate: Tue, 15 Apr 2014 09:27:38 -0700 Committer: H. Peter Anvin <hpa at linux.intel.com> CommitDate: Tue, 15 Apr 2014 09:27:38 -0700 readlink: Better buffer handling

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

I find it extremely interesting that no one has commented on the merger of Dovecot Oy and Open-Xchange AG as announced by Timo on the 19th. Is this something that was known a long time ago and I missed? OK checked the on-line archive of the mailing list, no comments there - its not my email set-up - LOL. I am usually emotionally (at least) against of open-source projects loosing their

I think everyone shares your concerns. But there are no rules that the outcome of this merger must get something bad, so let's see what happens. I hope that it's true what Timo said and that dovecot can evolve and get even better as it is today. Good luck guys! Regards, Adrian. On 23.03.15 15:08, Andreas Kasenides wrote: > I find it extremely interesting that no one has commented on

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

We are pleased to release v2.3.11.3. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-12100: Parsing mails with a large number of MIME parts could

We are pleased to release v2.3.11.3. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.11.3.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-12100: Parsing mails with a large number of MIME parts could

> On 12. May 2020, at 19.18, Benny Pedersen <me at junc.eu> wrote: > > On 2020-05-12 17:54, Robert Schetterer wrote: > >> At the end the subject question makes no sense... > > lets play football then :) > > i just wish that dovecot could be next generation exchange server, no kidding Our parent company Open-Xchange offers one. It's called App Suite.

Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957