similar to: Pigeonhole release v0.4.24.2

Aki Tuomi, 28.08.19, 14:06 CEST: > Tarball is available at > > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz > https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig On https://pigeonhole.dovecot.org/download.html the link to the pigeonhole sources points to

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to

Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading to

Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte ? when scanning data in quoted strings, leading

Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Hi, at the moment I see only packages named *2.2.26* on xi.dovecot.fi. Can we expect packages for v2.2.27 to appear there? -- Regards mks

Aki Tuomi, Fri, 02 Mar 2018 20:06:35 +0200: > the problem is default > ?protocols = imap pop3? Ah, OK. I wasn't aware that the default had changed. It seems to be protocols = imap pop3 lmtp now. > packaging should use > protocols = > protocols = $protocols imap Yep, explicitly setting protocols = before !include_try /usr/share/dovecot/protocols.d/*.protocol helps. IMO

Executive summary: /usr/bin/suidexec gives every user a root shell. Remove it. tlr ----- Forwarded message from Thomas Roessler <roessler@guug.de> ----- Date: Tue, 28 Apr 1998 15:21:17 +0200 From: Thomas Roessler <roessler@guug.de> Subject: suidmanager: SECURITY BREACH: /usr/bin/suidexec gives root access to every user on the system To: submit@bugs.debian.org Package: suidmanager

There is some underlying problem with imap-login but in order to debug it I'd like to see a core file. On error dovecot reports "core not dumped". If I put "abort()" in the code at the point it is reporting then a core file is written, so there is no OS reason why a core can not be written. It appears to be dovecot's choice to control the child. In an attempt

Hi, looking at the source archive of pigeonhole 0.4.20 <https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.20.tar.gz> I noticed that the contained ChangeLog mentions v0.4.20.rc1 as first entry and pigeonhole-version.h defines git revision 7cd71ba as version where I'd expect 4a55e6c. This is probably no big deal. But since Makefile.in and install-sh also differ (see

Stephan Bosch, Mon, 25 Apr 2016 15:16:55 +0200: > Oops. Turned off package composer for maintenance, but didn't turn it > back on. > > It is building now..... Is there something to turn on to build packages in /debian/pool/wheezy-auto/dovecot-2.2 ? Or don't you provide packages for wheezy anymore? > Op 25-4-2016 om 14:47 schreef Harald Leithner: >> Hi, >>

Hi, There is a severe problem with the db-1.85.4 library''s Linux port that can be found on sunsite.unc.edu under /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library contains a "snprintf" function which breaks down to a common sprintf, ignoring the size parameter. Obviously, this was thought to be a terribly bad work-around for C libraries which don''t contain an

The following code is a first attempt at a simple but flexible suid wrapper which checks argv[] and environment. It might introduce new security holes or have other bugs; using 1 as a general failure exit value may be the wrong thing to do. The wrapper reads a configuration file named /etc/wrapper.cfg; see the comments in wrapper.c for the file''s format. Flame, comment, or use at will.

Hello, given a Debian 9 system with Dovecot 2.2.34 installed from self-built packages made from the official tarball combined with Stephan Bosch's debian files (upgraded multiple times from packages made in a similar way). Today, I updated this system to 2.3.0.1 from the official repository at repo.dovecot.org. After the update, dovecot wouldn't start because of: > dovecot: master:

For all who are interested: A quick review of CeBIT 2005. :-) CeBIT was a very successfull event. Most of the time, the asterisk-booth was crowded with more people than we could talk to. We had with us a demo-installation including different IP-phones, digital and analog phones as well as a Siemens HiPATH PBX to which our Asterisk-server served as a VoIP-gateway, and many people were impressed

How may one save a graphic as svg on Windows? The svg() command is recognized and functions well on Linux, etc., but not on Windows, it seems. I'm trying to use Hadley Wickam's ggplot2 and I would like to be able to save created charts as svg for later input into Illustrator. I am able to accomplish this workflow under Linux, but I don't know how to get R to recognize the svg() command