28 Mar
2019
28 Mar
'19
12:45 p.m.
On 28.3.2019 13.41, Aki Tuomi via dovecot wrote:
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
* CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.
Aki Tuomi Open-Xchange oy
Small mistake in the URLs, please use these.
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig
Aki