CVE-2016-8652 in dovecot

Aki Tuomi aki.tuomi at dovecot.fi
Fri Dec 2 08:48:15 UTC 2016



On 02.12.2016 10:45, Jonas Wielicki wrote:
> On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote:
>> We are sorry to report that we have a bug in dovecot, which merits a
>> CVE. See details below. If you haven't configured any auth_policy_*
>> settings you are ok. This is fixed with
>> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13
>> a5a725ae and
>> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c6
>> 7a8612fc
>>
>> Important vulnerability in Dovecot (CVE-2016-8562)
> Are you sure about the CVE number? According to Debian [1] and mitre [2], it’s 
> for SIEMENS something, not Dovecot.
>
> best regards,
> Jonas Wielicki
>
>    [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562
>    [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8562
Ups, sent wrong number, correct is CVE-2016-8652.

Aki



More information about the dovecot mailing list