28 Mar 2019, 2:45 p.m.
On 28.3.2019 13.41, Aki Tuomi via dovecot wrote:
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
* CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.
---
Aki Tuomi
Open-Xchange oy
Small mistake in the URLs, please use these.

https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig

Aki