Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

28 Mar 2019


      On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:
...
olution:
Operators should update to the latest Patch Release. The only workaround
is to disable FTS and pop3-uidl plugin.
Hi Aki, thanks for the CVE.  For quick mitigation, can you confirm how
to disable these plugins and what they provide?  We'd like to assess if
we are using them while we rollout the fix.
Regards,
KAM

Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

Kevin A. McGrail