Dovecot release v2.2.36.4

Aki Tuomi aki.tuomi at
Wed Aug 28 15:05:46 EEST 2019


We are pleased to release Dovecot release v2.2.36.4

Tarball is available at

Binary packages are available at

* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

Aki Tuomi
Open-Xchange oy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dovecot mailing list