<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 30 April 2019 21:06 @lbutlr via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
On 30 Apr 2019, at 07:21, Aki Tuomi via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<blockquote type="cite">
<div>
We are pleased to release Dovecot v2.3.6.
</div>
</blockquote>
<div>
pkg adult shows the following, not mentioned in the changes:
</div>
<div>
<br>
</div>
<div>
dovecot-2.3.5.1 is vulnerable:
</div>
<div>
dovecot -- json encoder crash
</div>
<div>
CVE: CVE-2019-10691
</div>
<div>
WWW:
<a href="https://vuxml.FreeBSD.org/freebsd/a64aa22f-61ec-11e9-85b9-a4badb296695.html" rel="noopener" target="_blank">https://vuxml.FreeBSD.org/freebsd/a64aa22f-61ec-11e9-85b9-a4badb296695.html</a>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
(just curious)
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
'Things either exist or they don't,' said Jeremy. 'I am very clear about
</div>
<div>
that. I have medicine.' --The Thief of Time
</div>
</blockquote>
<div>
<br>
</div>
<div>
We don't usually mention fixes for previous releases again.
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>