On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:
On 03/12/2016 12:08, Jeremiah C. Foster wrote:
On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 4be960cff13 a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d 57351fd42c6 7a8612fc
Important vulnerability in Dovecot (CVE-2016-8562) Are you sure about the CVE number? According to Debian [1 1] and mitre [2 2], it's for SIEMENS something, not Dovecot.
best regards, Jonas Wielicki
2
Ups, sent wrong number, correct is CVE-2016-8652. That is the same number, no?
No, read it again. the wrong and pasted copie are 8 5 62, his revised is 8 6 52
Ah, thank you. So I guess the CVE is then here: https://cve.mitre.org/c gi-bin/cvename.cgi?name=CVE-2016-8652 but this doesn't provide a whole lot more information yet.
Cheers,
Jeremiah