similar to: Buster packages available

On 9.10.2019 9.01, Aki Tuomi via Dovecot-news wrote: > Hi! > > We have now buster packages available starting from 2.3.8. You can find > them from https://repo.dovecot.org/ > > In related news, we are planning on dropping packages for Debian Jessie, > Ubuntu 18 and CentOS6 starting from 2.3.9. > > --- > Aki Tuomi > Open-Xchange oy And of course we are talking

> On 12. May 2020, at 19.18, Benny Pedersen <me at junc.eu> wrote: > > On 2020-05-12 17:54, Robert Schetterer wrote: > >> At the end the subject question makes no sense... > > lets play football then :) > > i just wish that dovecot could be next generation exchange server, no kidding Our parent company Open-Xchange offers one. It's called App Suite.

Hi all, Today I can finally announce that Dovecot Oy company has merged with Open-Xchange AG. This helps us to get more Dovecot developers, support people and so on. Most importantly, eventually it should allow me to get back to doing what I like the most: Designing new and interesting stuff for Dovecot and perfecting the old stuff :) OX is a great match to Dovecot going forward. They also really

Hi all, Today I can finally announce that Dovecot Oy company has merged with Open-Xchange AG. This helps us to get more Dovecot developers, support people and so on. Most importantly, eventually it should allow me to get back to doing what I like the most: Designing new and interesting stuff for Dovecot and perfecting the old stuff :) OX is a great match to Dovecot going forward. They also really

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.

https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files.

Hi! We are excited to announce that we are now providing packages for Ubuntu 18.04 (Bionic). Please find instructions on how to use them at https://repo.dovecot.org/ Aki Tuomi Open-Xchange Oy

We are pleased to release v2.3.10.1 Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- - CVE-2020-10957: lmtp/submission: A client can crash the server by

We are pleased to release v2.3.10.1 Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.10.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- - CVE-2020-10957: lmtp/submission: A client can crash the server by

Hallo Aki, the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. I checked this manually and sure enough lmtp crashes: nc -C -U dovecot-lmtp 220 keira.mike2k.de Dovecot

Don't need to block anyone like in the "Re: Dovecot Oy merger with Open-Xchange AG" thread, but when I have my vacation recipie active, I'd like it to NOT reply to certain addresses. I tried the following, you can see the section with if header :contains "addressIdontwant at repliedtoo.tld" is commented out, once I'd added that section, no Vacation messages

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy

We are pleased to release v2.3.9.2 of Dovecot. Please find it from locations below https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot --- - Mails with empty From/To headers can also cause crash in push notification drivers. ---

We are happy to announce that we have CentOS 8 packages available starting from v2.3.11.3. You can find these packages at https://repo.dovecot.org/ Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL:

Hi! We have pushed new versions for these packages that now support tcpwrappers. They were inadvertendly left out from last time, but now they have been restored. Sorry for the inconvenience. Regards, Aki Tuomi Open-Xchange oy

https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig ??? * CVE-2019-7524: Missing input buffer size validation leads into ????? arbitrary buffer overflow when reading fts or pop3 uidl header ????? from Dovecot index. Exploiting this requires direct write access to ????? the index files. --- Aki Tuomi Open-Xchange oy

We are pleased to release v2.3.9.2 of Dovecot. Please find it from locations below https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.9.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot --- - Mails with empty From/To headers can also cause crash in push notification drivers. ---

We are happy to announce that we have CentOS 8 packages available starting from v2.3.11.3. You can find these packages at https://repo.dovecot.org/ Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: