CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Christian Balzer
chibi at gol.com
Fri Aug 30 11:00:37 EEST 2019
Hello,
Cc'ing Apollon in hopes he might have some insight here.
When upgrading on Debian Stretch with the security fix packages all
dovecot processes get killed and then restarted despite having
"shutdown_clients = no" set.
My guess would be a flaw in the upgrade procedure and/or unit files doing
a stop and start when the new imapd package is installed.
Can anybody think of a quick workaround or fix for this, as it's clearly
not intended behavior (nor needed for this issue).
Thanks,
Christian
--
Christian Balzer Network/Systems Engineer
chibi at gol.com Rakuten Mobile Inc.
More information about the dovecot
mailing list