CVE-2016-8562 in dovecot
Marc Schiffbauer
m at sys4.de
Mon Dec 5 07:53:57 UTC 2016
* Aki Tuomi schrieb am 02.12.16 um 08:00 Uhr:
Hi Aki,
> We are sorry to report that we have a bug in dovecot, which merits a
> CVE. See details below. If you haven't configured any auth_policy_*
> settings you are ok. This is fixed with
> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae
> and
> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc
>
> Important vulnerability in Dovecot (CVE-2016-8562)
> CVSS score: 7.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H)
> Affected version(s): 2.2.25.1 up to 2.2.26.1
> Fixed in: 2.2.27.1rc1
I think either it should read "up to 2.2.27"
or
"Fixed in: 2.2.27"
Or how about version 2.2.27? (without .1)
TIA
-Marc
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dovecot
mailing list