CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole

Christian Balzer chibi at gol.com
Fri Aug 30 11:00:37 EEST 2019


Hello,

Cc'ing Apollon in hopes he might have some insight here.

When upgrading on Debian Stretch with the security fix packages, all
dovecot processes get killed and then restarted despite having
"shutdown_clients = no" set.

My guess would be a flaw in the upgrade procedure and/or unit files doing
a stop and start when the new imapd package is installed.

Can anybody think of a quick workaround or fix for this, as it's clearly
not intended behavior (nor needed for this issue)?


Thanks,

Christian
-- 
Christian Balzer        Network/Systems Engineer                
chibi at gol.com   	Rakuten Mobile Inc.

