On 28 March 2019 16:37 Kevin A. McGrail via dovecot < dovecot@dovecot.org> wrote:

On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:

olution:

Operators should update to the latest Patch Release. The only workaround

is to disable FTS and pop3-uidl plugin.

Hi Aki, thanks for the CVE. For quick mitigation, can you confirm how

to disable these plugins and what they provide? We'd like to assess if

we are using them while we rollout the fix.

Regards,

KAM

check for fts in mail_plugins. pop3-uidl is used by pop3_migration plugin.

---
Aki Tuomi