Pigeonhole release v0.5.7.2
Aki Tuomi
aki.tuomi at dovecot.fi
Wed Aug 28 15:06:02 EEST 2019
Hi!
We are pleased to release Pigeonhole release v0.5.7.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
---
Aki Tuomi
Open-Xchange oy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190828/f8102c12/attachment-0001.sig>
More information about the dovecot
mailing list