Dovecot v2.2.36.1 released

Larry Rosenman larryrtx at gmail.com
Tue Feb 5 18:06:19 EET 2019 

for some reason Aki's posts are not making it to my GMail account from this
list.

Any idea why?

On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote:

> Thank you!
> On 2/5/2019 8:43 AM, Aki Tuomi wrote:
>
> Hi,
>
> as per our EOL statement 2.2.36 receives security and critical updates.
> That said, we decided to flush few annoying bugs with .1 release.
>
> You do not need to build releases for 2.2.
>
> Aki
>
> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com> wrote:
>
>
> Aki,
>
> What's the difference between 2.2.x and 2.3.x version of Dovecot? And
> why do you maintain both?
>
> I stopped building RPM's of the 2.2.x version and now only build 2.3.x.
> Should I be maintaining both?
>
> Eric
>
> On 2/5/2019 6:01 AM, Aki Tuomi wrote:
>
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
>
>     * CVE-2019-3814: If imap/pop3/managesieve/submission client has
>       trusted certificate with missing username field
>       (ssl_cert_username_field), under some configurations Dovecot
>       mistakenly trusts the username provided via authentication instead
>       of failing.
>     * ssl_cert_username_field setting was ignored with external SMTP AUTH,
>       because none of the MTAs (Postfix, Exim) currently send the
>       cert_username field. This may have allowed users with trusted
>       certificate to specify any username in the authentication. This bug
>       didn't affect Dovecot's Submission service.
>
>     - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
>     - director: Kicking a user assert-crashes if login process is very
> slow
>     - lda/lmtp: Fix assert-crash with some Sieve scripts when
>       mail_attachment_detection_options=add-flags-on-save
>     - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
>     - Snippet generation crashed with invalid Content-Type:multipart
>
> >
>
> ---
>
> Aki Tuomi
> Open-Xchange Oy
>
> >
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> ---
> Aki Tuomi
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190205/d67d9334/attachment-0001.html>

More information about the dovecot mailing list