CVE-2016-8652 in dovecot

Noel Butler noel.butler at ausics.net
Sat Dec 3 02:23:25 UTC 2016


On 03/12/2016 12:08, Jeremiah C. Foster wrote:

> On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: 
> On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which
> merits a
> CVE. See details below. If you haven't configured any
> auth_policy_*
> settings you are ok. This is fixed with
> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3
> 4be960cff13
> a5a725ae and
> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d
> 57351fd42c6
> 7a8612fc
> 
> Important vulnerability in Dovecot (CVE-2016-8562) 
> Are you sure about the CVE number? According to Debian [1 [1]] and
> mitre [2 [2]], it's 
> for SIEMENS something, not Dovecot.
> 
> best regards,
> Jonas Wielicki
> 
> [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562
> [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856
> 2

Ups, sent wrong number, correct is CVE-2016-8652. 
That is the same number, no? 

No, read it again. the wrong and pasted copie are 8 5 62, his revised is
8 6 52 

-- 
Kind Regard, 

Noel Butler 

 		This Email, including any attachments, may contain legally privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [3] and ODF [4] documents accepted, please do not send proprietary
formatted documents 

 

Links:
------
[1] https://security-tracker.debian.org/tracker/CVE-2016-8562
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856
[3] http://www.adobe.com/
[4] http://en.wikipedia.org/wiki/OpenDocument


More information about the dovecot mailing list