[Dovecot-news] CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Peter
peter at pajamian.dhs.org
Sun Jul 10 06:53:45 UTC 2022
On 8/07/22 7:16 pm, Aki Tuomi wrote:
> Not all CVEs are "that serious". CVE scores are problematic, you can have a solid 10.0 CVE score that affects practically no one, and you can have a 3.8 CVE that affects ~everyone using the software.
>
> This particular bug requires a quite specific setup, and also provides a sensible workaround for it.
>
> It will be included in upcoming 2.4 release, we do not currently see any pressing reason to rush out a CVE patch release for this.
I've applied the patch to the GhettoForge packages for dovecot23 (el7
and 8) and dovecot22 (el7) for those who want a patched release for the
EL platform.
Peter
More information about the dovecot
mailing list