[Dovecot-news] v2.2.36.3 released
Aki Tuomi
aki.tuomi at open-xchange.com
Thu Mar 28 13:41:08 EET 2019
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
---
Aki Tuomi
Open-Xchange oy
More information about the Dovecot-news
mailing list