Dovecot v2.2.36.1 released
Larry Rosenman
larryrtx at gmail.com
Tue Feb 5 18:06:19 EET 2019
for some reason Aki's posts are not making it to my GMail account from this
list.
Any idea why?
On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote:
> Thank you!
> On 2/5/2019 8:43 AM, Aki Tuomi wrote:
>
> Hi,
>
> as per our EOL statement 2.2.36 receives security and critical updates.
> That said, we decided to flush few annoying bugs with .1 release.
>
> You do not need to build releases for 2.2.
>
> Aki
>
> On 05 February 2019 at 17:36 Eric Broch < ebroch at whitehorsetc.com> wrote:
>
>
> Aki,
>
> What's the difference between 2.2.x and 2.3.x version of Dovecot? And
> why do you maintain both?
>
> I stopped building RPM's of the 2.2.x version and now only build 2.3.x.
> Should I be maintaining both?
>
> Eric
>
> On 2/5/2019 6:01 AM, Aki Tuomi wrote:
>
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig
>
> * CVE-2019-3814: If imap/pop3/managesieve/submission client has
> trusted certificate with missing username field
> (ssl_cert_username_field), under some configurations Dovecot
> mistakenly trusts the username provided via authentication instead
> of failing.
> * ssl_cert_username_field setting was ignored with external SMTP AUTH,
> because none of the MTAs (Postfix, Exim) currently send the
> cert_username field. This may have allowed users with trusted
> certificate to specify any username in the authentication. This bug
> didn't affect Dovecot's Submission service.
>
> - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
> - director: Kicking a user assert-crashes if login process is very
> slow
> - lda/lmtp: Fix assert-crash with some Sieve scripts when
> mail_attachment_detection_options=add-flags-on-save
> - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
> - Snippet generation crashed with invalid Content-Type:multipart
>
> >
>
> ---
>
> Aki Tuomi
> Open-Xchange Oy
>
> >
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> ---
> Aki Tuomi
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190205/d67d9334/attachment-0001.html>
More information about the dovecot
mailing list