Displaying 20 results from an estimated 900 matches similar to: "CVE-2019-3814: Suitable client certificate can be used to login as other user"
2019 Feb 05
0
Dovecot v2.2.36.1 released
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has
??? ? trusted certificate with missing username field
??? ? (ssl_cert_username_field), under some configurations Dovecot
??? ? mistakenly trusts the username provided via authentication instead
??? ? of failing.
2019 Feb 05
0
Dovecot v2.3.4.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
<https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig>
Binary packages in https://repo.dovecot.org/
??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has
??? ? trusted certificate with missing username field
??? ? (ssl_cert_username_field), under some
2019 Feb 05
2
Dovecot v2.2.36.1 released
for some reason Aki's posts are not making it to my GMail account from this
list.
Any idea why?
On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote:
> Thank you!
> On 2/5/2019 8:43 AM, Aki Tuomi wrote:
>
> Hi,
>
> as per our EOL statement 2.2.36 receives security and critical updates.
> That said, we decided to flush few annoying bugs
2019 Feb 05
0
Dovecot 2.3.4.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
<https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig>
Binary packages in https://repo.dovecot.org/
??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has
??? ? trusted certificate with missing username field
??? ? (ssl_cert_username_field), under some
2019 Feb 05
0
Dovecot v2.2.36.1 released
Thank you!
On 2/5/2019 8:43 AM, Aki Tuomi wrote:
> Hi,
>
> as per our EOL statement 2.2.36 receives security and critical
> updates. That said, we decided to flush few annoying bugs with .1
> release.
>
> You do not need to build releases for 2.2.
>
> Aki
>> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com
>> <mailto:ebroch at
2019 Feb 05
8
Dovecot v2.2.36.1 released
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has
??? ? trusted certificate with missing username field
??? ? (ssl_cert_username_field), under some configurations Dovecot
??? ? mistakenly trusts the username provided via authentication instead
??? ? of failing.
2019 Feb 05
8
Dovecot v2.2.36.1 released
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has
??? ? trusted certificate with missing username field
??? ? (ssl_cert_username_field), under some configurations Dovecot
??? ? mistakenly trusts the username provided via authentication instead
??? ? of failing.
2019 Feb 05
2
Dovecot v2.2.36.1 released
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
Hi,
</div>
<div>
<br>
</div>
<div>
as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release.
</div>
<div>
<br>
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org>
wrote:
> Due to DMARC issues some people have failed to receive the latest security
> information, so here it is repeated for both releases:
>
> 2.3.4.1
>
> https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
>
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org>
wrote:
> Due to DMARC issues some people have failed to receive the latest security
> information, so here it is repeated for both releases:
>
> 2.3.4.1
>
> https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
>
2019 Feb 05
0
Dovecot v2.2.36.1 released (Pigeonhole 0.4.24.1)
Hi,
Here is the associated release for Pigeonhole:
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig
Binary packages included in https://repo.dovecot.org/
+ imapsieve: Added imapsieve_expunge_discarded setting which causes
discarded messages to be expunged
2019 Feb 05
0
Dovecot v2.2.36.1 released
Aki,
What's the difference between 2.2.x and 2.3.x version of Dovecot? And
why do you maintain both?
I stopped building RPM's of the 2.2.x version and now only build 2.3.x.
Should I be maintaining both?
Eric
On 2/5/2019 6:01 AM, Aki Tuomi wrote:
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
>
>
2019 Feb 05
0
Dovecot v2.2.36.1 released (Pigeonhole 0.4.24.1)
Hi,
Here is the associated release for Pigeonhole:
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig
Binary packages included in https://repo.dovecot.org/
+ imapsieve: Added imapsieve_expunge_discarded setting which causes
discarded messages to be expunged
2019 Feb 05
1
Dovecot v2.2.36.1 released (Pigeonhole 0.4.24.1)
On 2019-02-05 13:07, Stephan Bosch via dovecot wrote:
> Hi,
>
> Here is the associated release for Pigeonhole:
>
> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz
> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.1.tar.gz.sig
> Binary packages included in https://repo.dovecot.org/
>
> + imapsieve: Added
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
Oh, so manual compile should NOT work and it's okay or am I missing
something?
On Tue, 5 Feb 2019 at 23:26, The Doctor <doctor at doctor.nl2k.ab.ca> wrote:
> On Tue, Feb 05, 2019 at 11:18:45PM +0300, Odhiambo Washington via dovecot
> wrote:
> > On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org>
> > wrote:
> >
> > > Due to
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
Oh, so manual compile should NOT work and it's okay or am I missing
something?
On Tue, 5 Feb 2019 at 23:26, The Doctor <doctor at doctor.nl2k.ab.ca> wrote:
> On Tue, Feb 05, 2019 at 11:18:45PM +0300, Odhiambo Washington via dovecot
> wrote:
> > On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot at dovecot.org>
> > wrote:
> >
> > > Due to
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
I have always been able to compile manually, even from RCs so I believe I
should be able to compile from the tarball as well.
Something is broken,
On Tue, 5 Feb 2019 at 23:29, Larry Rosenman <larryrtx at gmail.com> wrote:
> pull the patches from the port.....
>
>
> On Tue, Feb 5, 2019 at 2:28 PM Odhiambo Washington via dovecot <
> dovecot at dovecot.org> wrote:
>
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
Noted.
I will wait for dovecot-2.3.4.2 tarball then.
In all the servers I listed (+2 more), I never use the mail/dovecot port.
I rely on mail/dovecot port on my own prototype (FreeBSD 12) which I have
built in preparation for the upgrade of all the servers I currently have
(except the 11.2).
So for now, they have to run with 2.3.4, because of that reason - I am not
using the port. And yes, I
2019 Feb 05
0
Release notify (2.2.36.1 and 2.3.4.1)
Bueno.
I don't even remember well.
Wasn't that issue about mysql-8.0.12 to 8.0.13??
On Tue, 5 Feb 2019 at 23:46, Larry Rosenman <larryrtx at gmail.com> wrote:
> 2.3.4 had the same compile issues....
>
>
> On Tue, Feb 5, 2019 at 2:44 PM Odhiambo Washington <odhiambo at gmail.com>
> wrote:
>
>> Noted.
>>
>> I will wait for dovecot-2.3.4.2
2019 Feb 05
3
Release notify (2.2.36.1 and 2.3.4.1)
Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases:
2.3.4.1
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
<https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig>
Binary packages in https://repo.dovecot.org/
* CVE-2019-3814: If