On 5 Feb 2019, at 17.06, Larry Rosenman <larryrtx@gmail.com> wrote:for some reason Aki's posts are not making it to my GMail account from this list.Any idea why?On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch@whitehorsetc.com> wrote:Thank you!
On 2/5/2019 8:43 AM, Aki Tuomi wrote:
Hi,
as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release.
You do not need to build releases for 2.2.
AkiOn 05 February 2019 at 17:36 Eric Broch < ebroch@whitehorsetc.com> wrote:
Aki,
What's the difference between 2.2.x and 2.3.x version of Dovecot? Andwhy do you maintain both?
I stopped building RPM's of the 2.2.x version and now only build 2.3.x.Should I be maintaining both?
Eric
On 2/5/2019 6:01 AM, Aki Tuomi wrote:* CVE-2019-3814: If imap/pop3/managesieve/submission client hastrusted certificate with missing username field(ssl_cert_username_field), under some configurations Dovecotmistakenly trusts the username provided via authentication insteadof failing.* ssl_cert_username_field setting was ignored with external SMTP AUTH,because none of the MTAs (Postfix, Exim) currently send thecert_username field. This may have allowed users with trustedcertificate to specify any username in the authentication. This bugdidn't affect Dovecot's Submission service.- pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT- director: Kicking a user assert-crashes if login process is very slow- lda/lmtp: Fix assert-crash with some Sieve scripts whenmail_attachment_detection_options=add-flags-on-save- fs-compress: Using maybe-gz assert-crashed when reading 0 sized file- Snippet generation crashed with invalid Content-Type:multipart>---Aki TuomiOpen-Xchange Oy>--Eric BrochWhite Horse Technical Consulting (WHTC)
---
Aki Tuomi-- Eric Broch White Horse Technical Consulting (WHTC)--Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106