28 Aug
2019
28 Aug
'19
3:06 p.m.
Hi!
We are pleased to release Pigeonhole release v0.4.24.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.... https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2....
Changes
- CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.
Aki Tuomi Open-Xchange oy
28 Aug
28 Aug
10:07 p.m.
Aki Tuomi, 28.08.19, 14:06 CEST:
On https://pigeonhole.dovecot.org/download.html the link to the pigeonhole sources points to <https://pigeonhole.dovecot.org/releases/2.2.42.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz> which (obviously) doesn't work.
-- Regards mks
2064
Age (days ago)
2065
Last active (days ago)
2 comments
2 participants
participants (2)
-
Aki Tuomi
-
Markus Schönhaber