Dovecot v2.2.36.1 released

Eric Broch ebroch at whitehorsetc.com
Tue Feb 5 18:04:34 EET 2019


Thank you!

On 2/5/2019 8:43 AM, Aki Tuomi wrote:
> Hi,
>
> as per our EOL statement 2.2.36 receives security and critical 
> updates. That said, we decided to flush few annoying bugs with .1 
> release.
>
> You do not need to build releases for 2.2.
>
> Aki
>> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com 
>> <mailto:ebroch at whitehorsetc.com>> wrote:
>>
>>
>> Aki,
>>
>> What's the difference between 2.2.x and 2.3.x version of Dovecot? And
>> why do you maintain both?
>>
>> I stopped building RPM's of the 2.2.x version and now only build 2.3.x.
>> Should I be maintaining both?
>>
>> Eric
>>
>> On 2/5/2019 6:01 AM, Aki Tuomi wrote:
>>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
>>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
>>>     * CVE-2019-3814: If imap/pop3/managesieve/submission client has
>>>       trusted certificate with missing username field
>>>       (ssl_cert_username_field), under some configurations Dovecot
>>>       mistakenly trusts the username provided via authentication 
>>> instead
>>>       of failing.
>>>     * ssl_cert_username_field setting was ignored with external SMTP 
>>> AUTH,
>>>       because none of the MTAs (Postfix, Exim) currently send the
>>>       cert_username field. This may have allowed users with trusted
>>>       certificate to specify any username in the authentication. 
>>> This bug
>>>       didn't affect Dovecot's Submission service.
>>>     - pop3_no_flag_updates=no: Don't expunge RETRed messages without 
>>> QUIT
>>>     - director: Kicking a user assert-crashes if login process is 
>>> very slow
>>>     - lda/lmtp: Fix assert-crash with some Sieve scripts when
>>> mail_attachment_detection_options=add-flags-on-save
>>>     - fs-compress: Using maybe-gz assert-crashed when reading 0 
>>> sized file
>>>     - Snippet generation crashed with invalid Content-Type:multipart
>> >
>>> ---
>>> Aki Tuomi
>>> Open-Xchange Oy
>> >
>> -- 
>> Eric Broch
>> White Horse Technical Consulting (WHTC)
>
> ---
> Aki Tuomi

-- 
Eric Broch
White Horse Technical Consulting (WHTC)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190205/a03092fb/attachment.html>


More information about the dovecot mailing list