<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 28 March 2019 16:37 Kevin A. McGrail via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:
</div>
<blockquote type="cite">
<div>
olution:
</div>
<div>
Operators should update to the latest Patch Release. The only workaround
</div>
<div>
is to disable FTS and pop3-uidl plugin.
</div>
</blockquote>
<div>
Hi Aki, thanks for the CVE. For quick mitigation, can you confirm how
</div>
<div>
to disable these plugins and what they provide? We'd like to assess if
</div>
<div>
we are using them while we rollout the fix.
</div>
<div>
<br>
</div>
<div>
Regards,
</div>
<div>
<br>
</div>
<div>
KAM
</div>
</blockquote>
<div>
<br>
</div>
<div>
check for fts in mail_plugins. pop3-uidl is used by pop3_migration plugin.
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>