22 Jun 2021, 2:19 p.m.
On 22. Jun 2021, at 11.11, lists@lazygranch.com wrote:
Vulnerability Details:
On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.
CentOS 7 has no repo with 2.3.15. I am using 2.2.36 (1f10bfa63). Is this OK?
This is my personal server, hence all the accounts are mine, so it isn't like I am going to hack myself.
Only the submission service is vulnerable, and v2.2.36 doesn't have the submission service at all. So it's not vulnerable to this.
And for the Sieve excessive resource usage, it's not really a problem, especially with personal servers.
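
The buffering behaviour described in the quoted vulnerability details, as an added sketch that is not part of the original message and is not Dovecot code: bytes that reach the server in plaintext behind STARTTLS stay in the input buffer and are executed once TLS is up, unless the buffer is discarded at the switch. The function names, the sample bytes and the instantaneous handshake are assumptions made for illustration.

```python
# Constructed model of an SMTP submission command loop (illustrative only).

def pop_line(buf):
    """Remove and return one CRLF-terminated line from buf, or None."""
    idx = buf.find(b"\r\n")
    if idx < 0:
        return None
    line = bytes(buf[:idx]).decode("ascii")
    del buf[:idx + 2]
    return line

def run_session(pre_tls, post_tls, discard_on_starttls):
    """Return (command, origin) pairs in the order the server executes them.

    pre_tls:  bytes read from the socket before TLS is active
    post_tls: the client's genuine traffic after the handshake (decrypted)
    discard_on_starttls: hardened behaviour, drop anything buffered pre-TLS
    """
    buf = bytearray(pre_tls)
    tls_active = False
    tainted = 0  # bytes still buffered that arrived before TLS
    executed = []
    while (line := pop_line(buf)) is not None:
        if tls_active:
            origin = "plaintext" if tainted > 0 else "tls"
            tainted = max(0, tainted - (len(line) + 2))
            executed.append((line, origin))
        elif line.upper() == "STARTTLS":
            if discard_on_starttls:
                buf.clear()  # nothing read before the handshake survives
            tainted = len(buf)
            tls_active = True  # handshake modelled as instantaneous
            buf += post_tls
        else:
            executed.append((line, "plaintext"))  # legitimate pre-TLS command
    return executed

def injected(executed, pre_tls_allowed=("EHLO",)):
    """Commands that arrived in plaintext but ran after STARTTLS."""
    seen_tls = any(origin == "tls" for _, origin in executed)
    return [c for c, origin in executed
            if origin == "plaintext" and seen_tls
            and c.split()[0].upper() not in pre_tls_allowed]

# Constructed sample: a harmless NOOP appended behind the client's STARTTLS.
PRE_TLS = b"EHLO client.example\r\nSTARTTLS\r\nNOOP injected-before-tls\r\n"
POST_TLS = b"EHLO client.example\r\nQUIT\r\n"

if __name__ == "__main__":
    for hardened in (False, True):
        print(hardened, injected(run_session(PRE_TLS, POST_TLS, hardened)))
```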