[Dovecot-news] v2.3.5.2 released

Aki Tuomi aki.tuomi at open-xchange.com
Thu Apr 18 12:05:43 EEST 2019

Binary packages in https://repo.dovecot.org/

  * CVE-2019-7524: Missing input buffer size validation leads into
    arbitrary buffer overflow when reading fts or pop3 uidl header
    from Dovecot index. Exploiting this requires direct write access to
    the index files.

Aki Tuomi
Open-Xchange oy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20190418/c802ea60/attachment.sig>

More information about the Dovecot-news mailing list