Hi!
We are pleased to release Pigeonhole release v0.4.24.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.... https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2....
Changes
- CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.
Aki Tuomi Open-Xchange oy
Aki Tuomi, 28.08.19, 14:06 CEST:
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.... https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2....
On https://pigeonhole.dovecot.org/download.html the link to the pigeonhole sources points to https://pigeonhole.dovecot.org/releases/2.2.42.2/dovecot-2.2-pigeonhole-0.4.... which (obviously) doesn't work.
-- Regards mks
On 28.8.2019 22.07, Markus Schönhaber via dovecot wrote:
Aki Tuomi, 28.08.19, 14:06 CEST:
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.... https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.... On https://pigeonhole.dovecot.org/download.html the link to the pigeonhole sources points to https://pigeonhole.dovecot.org/releases/2.2.42.2/dovecot-2.2-pigeonhole-0.4.... which (obviously) doesn't work.
Seems to be correct now.
Aki
participants (2)
-
Aki Tuomi
-
Markus Schönhaber