Pigeonhole release v0.4.24.2

Aki Tuomi aki.tuomi at open-xchange.com
Wed Aug 28 15:06:07 EEST 2019


Hi!

We are pleased to release Pigeonhole release v0.4.24.2

Tarball is available at

https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig

Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

---
Aki Tuomi
Open-Xchange oy


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190828/6748291f/attachment.sig>


More information about the dovecot mailing list