28 Aug
2019
28 Aug
'19
3:05 p.m.
Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy