Dovecot v2.2.36.1 released

Sami Ketola Sami.Ketola at Open-Xchange.com
Tue Feb 5 18:14:37 EET 2019


Hi,

It's probably because gmail. They refuse emails for random reasons occasionally.

Sami

> On 5 Feb 2019, at 17.06, Larry Rosenman <larryrtx at gmail.com> wrote:
> 
> for some reason Aki's posts are not making it to my GMail account from this list.
> 
> Any idea why?
> 
> On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com <mailto:ebroch at whitehorsetc.com>> wrote:
> Thank you!
> 
> On 2/5/2019 8:43 AM, Aki Tuomi wrote:
>> Hi,
>> 
>> as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release.
>> 
>> You do not need to build releases for 2.2.
>> 
>> Aki
>>> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com <mailto:ebroch at whitehorsetc.com>> wrote:
>>> 
>>> 
>>> Aki,
>>> 
>>> What's the difference between 2.2.x and 2.3.x version of Dovecot? And
>>> why do you maintain both?
>>> 
>>> I stopped building RPM's of the 2.2.x version and now only build 2.3.x.
>>> Should I be maintaining both?
>>> 
>>> Eric
>>> 
>>> On 2/5/2019 6:01 AM, Aki Tuomi wrote:
>>>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz <https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz>
>>>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig <https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig>    * CVE-2019-3814: If imap/pop3/managesieve/submission client has
>>>>       trusted certificate with missing username field
>>>>       (ssl_cert_username_field), under some configurations Dovecot
>>>>       mistakenly trusts the username provided via authentication instead
>>>>       of failing.
>>>>     * ssl_cert_username_field setting was ignored with external SMTP AUTH,
>>>>       because none of the MTAs (Postfix, Exim) currently send the
>>>>       cert_username field. This may have allowed users with trusted
>>>>       certificate to specify any username in the authentication. This bug
>>>>       didn't affect Dovecot's Submission service.
>>>>     - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
>>>>     - director: Kicking a user assert-crashes if login process is very slow
>>>>     - lda/lmtp: Fix assert-crash with some Sieve scripts when
>>>>       mail_attachment_detection_options=add-flags-on-save
>>>>     - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
>>>>     - Snippet generation crashed with invalid Content-Type:multipart
>>> >
>>>> ---
>>>> Aki Tuomi
>>>> Open-Xchange Oy
>>> >
>>> --
>>> Eric Broch
>>> White Horse Technical Consulting (WHTC)
>> 
>> --- 
>> Aki Tuomi
> -- 
> Eric Broch
> White Horse Technical Consulting (WHTC)
> 
> 
> -- 
> Larry Rosenman                     http://www.lerctr.org/~ler <http://www.lerctr.org/~ler>
> Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com <mailto:larryrtx at gmail.com>
> US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190205/5ff14814/attachment.html>


More information about the dovecot mailing list