Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

Kevin A. McGrail KMcGrail at PCCC.com
Thu Mar 28 16:37:25 EET 2019


On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:
> olution:
> Operators should update to the latest Patch Release. The only workaround
> is to disable FTS and pop3-uidl plugin.

Hi Aki, thanks for the CVE.  For quick mitigation, can you confirm how
to disable these plugins and what they provide?  We'd like to assess if
we are using them while we rollout the fix.

Regards,

KAM



More information about the dovecot mailing list