CVE-2016-8652 in dovecot

Aki Tuomi aki.tuomi at dovecot.fi
Sat Dec 3 19:25:56 UTC 2016


> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote:
> 
> 
> On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:
> > On 03/12/2016 12:08, Jeremiah C. Foster wrote:
> > 
> > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> > > On 02.12.2016 10:45, Jonas Wielicki wrote:
> > > On Friday, 2 December 2016 09:00:58 CET Aki Tuomi wrote:
> > > We are sorry to report that we have a bug in dovecot, which
> > > merits a CVE. See details below. If you haven't configured any
> > > auth_policy_* settings you are ok. This is fixed with
> > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and
> > > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc
> > > 
> > > Important vulnerability in Dovecot (CVE-2016-8562)
> > >
> > > Are you sure about the CVE number? According to Debian [1] and
> > > mitre [2], it's for SIEMENS something, not Dovecot.
> > > 
> > > best regards,
> > > Jonas Wielicki
> > > 
> > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562
> > > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8562
> > 
> > Ups, sent wrong number, correct is CVE-2016-8652.
> >
> > That is the same number, no?
> >
> > No, read it again. The wrong and pasted copies are 8 5 62, his revised
> > is 8 6 52
> 
> Ah, thank you. So I guess the CVE is then here:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8652
> but this doesn't provide a whole lot more information yet.
> 
> Cheers,
> 
> Jeremiah

Hi!

What piece of information are you missing?

Aki

