28 Aug
2019
28 Aug
'19
3:05 p.m.
Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin. --- Aki Tuomi Open-Xchange oy