On 30 April 2019 21:06 @lbutlr via dovecot < dovecot@dovecot.org> wrote:

On 30 Apr 2019, at 07:21, Aki Tuomi via dovecot < dovecot@dovecot.org> wrote:

We are pleased to release Dovecot v2.3.6.

pkg adult shows the following, not mentioned in the changes:

dovecot-2.3.5.1 is vulnerable:

dovecot -- json encoder crash

CVE: CVE-2019-10691

WWW: https://vuxml.FreeBSD.org/freebsd/a64aa22f-61ec-11e9-85b9-a4badb296695.html

(just curious)

--

'Things either exist or they don't,' said Jeremy. 'I am very clear about

that. I have medicine.' --The Thief of Time

We don't usually mention fixes for previous releases again.

---
Aki Tuomi