similar to: Ubuntu packages

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1849 (Bug ID) Vulnerability type: Uncontrolled recursion (CWE-674) Vulnerable version: 2.0 Vulnerable component: submission, lmtp, lda Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-04-23 CVE reference: CVE-2020-12100 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1849 (Bug ID) Vulnerability type: Uncontrolled recursion (CWE-674) Vulnerable version: 2.0 Vulnerable component: submission, lmtp, lda Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-04-23 CVE reference: CVE-2020-12100 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

We are happy to announce that we have CentOS 8 packages available starting from v2.3.11.3. You can find these packages at https://repo.dovecot.org/ Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL:

We are happy to announce that we have CentOS 8 packages available starting from v2.3.11.3. You can find these packages at https://repo.dovecot.org/ Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL:

Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug ID) Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17

Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug ID) Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17

Hi! We are excited to announce that we are now providing packages for Ubuntu 18.04 (Bionic). Please find instructions on how to use them at https://repo.dovecot.org/ Aki Tuomi Open-Xchange Oy

Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

Hi! We have now buster packages available starting from 2.3.8. You can find them from https://repo.dovecot.org/ In related news, we are planning on dropping packages for Debian Jessie, Ubuntu 18 and CentOS6 starting from 2.3.9. --- Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

We are pleased to release v2.3.13. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to

We are pleased to release v2.3.13. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

Hi! We are dropping CentOS 6 packages now that we have CentOS 8 packages available. 2.3.11.3 will be last version for which CentOS 6 packages are built for https://repo.dovecot.org. Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 475 bytes Desc: not available URL:

Hi! We are dropping CentOS 6 packages now that we have CentOS 8 packages available. 2.3.11.3 will be last version for which CentOS 6 packages are built for https://repo.dovecot.org. Regards, Aki Tuomi Open-Xchange oy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 475 bytes Desc: not available URL:

Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4113 (Bug ID) Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-09-10 Solution date: 2020-09-14 Public

Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4113 (Bug ID) Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-09-10 Solution date: 2020-09-14 Public