Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header

2019-04-18 Thread Tanstaafl via dovecot
Sadly, I guess not... I'm not sure what to make of this, seeing as both Wietse and Timo said it was almost a trivial thing to fix. On Fri Apr 12 2019 12:17:22 GMT-0400 (Eastern Standard Time), Tanstaafl via dovecot wrote: > I'm resurrecting this again because I'm getting pretty close to

Re: pigeonhole tests crashing in deleteheader.svtest

2019-04-18 Thread Michal Hlavinka via dovecot
On 4/12/19 12:48 AM, Stephan Bosch wrote: On 29/03/2019 10:23, Michal Hlavinka via dovecot wrote: On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: On 28 March 2019 19:40 Michal Hlavinka via dovecot wrote:   Hi, when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in

Re: v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
> On 18 April 2019 14:40 Benny Pedersen via dovecot wrote: > > > Aki Tuomi via dovecot wrote on 2019-04-18 11:35: > > >     * CVE-2019-10691: Trying to login with 8bit username containing > >       invalid UTF8 input causes auth process to crash if auth policy is > >       enabled. This

Re: v2.3.5.2 released

2019-04-18 Thread Benny Pedersen via dovecot
Aki Tuomi via dovecot wrote on 2019-04-18 11:35:     * CVE-2019-10691: Trying to login with 8bit username containing       invalid UTF8 input causes auth process to crash if auth policy is       enabled. This could be used rather easily to cause a DoS. Similar       crash also happens during

Problems with auth connection

2019-04-18 Thread Fernando Ortega via dovecot
Hi, We are having some issues with the auth connection Version: 2.3.5.1, with MySQL and Postfix The server is working fine, and randomly after some days, Dovecot fails to auth: Apr 18 14:25:16 mail dovecot[25013]: auth: Warning: Event 0x126eba20 leaked (parent=0x126eb820):

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Aside from these two things they have really, I mean really a lot, issues in open state regarding ssl... Which maybe speaks for a more generous alternative anyways On 18/04/2019 12:25, TG Servers wrote: Kostya, they have

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Kostya, they have already a bug open on this as I saw now https://jira.mariadb.org/browse/MDEV-18131 and I also filed a bug on the TLS cipher string issue from yesterday. Depending on when this will be resolved I will have to consider

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread Kostya Vasilyev via dovecot
Have you considered any alternatives? I'm thinking of IPSec to create a secured network encapsulation channel(s) "above" the TCP connection(s). This would provide encryption with control over cipher(s), and cert validation on both sides (if you used cert auth, not PSK). -- K On Thu, Apr 18,

[Dovecot-news] v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via Dovecot-news
Let's try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-10691: Trying to login with 8bit username containing

v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
Let's try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-10691: Trying to login with 8bit username containing

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Ok then it seems again a MariaDB issue, they don't check against IP in the SAN it seems, this has nothing to do with ssl_ca setting it seems host= port= dbname= user= ssl_verify_server_cert=yes ssl_cipher=TLSv1.2 ssl_ca=/etc/ssl/certs/ca-bundle.crt

CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters.

2019-04-18 Thread Aki Tuomi via dovecot
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at

v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread Aki Tuomi via dovecot
> On 18 April 2019 11:34 TG Servers via dovecot wrote: > > > Hi, > > when using ssl_verify_server_cert in mysql connection string, is the cert > verified also against SAN (DNS and IP)? > Because this doesn't seem to work. I get a certification verification error > in handshake when

ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Hi, when using ssl_verify_server_cert in mysql connection string, is the cert verified also against SAN (DNS and IP)? Because this doesn't seem to work. I get a certification verification error in handshake when connecting via IP. But the cert is

Re: Problem with mysql backend and SSL ciphers

2019-04-18 Thread TG Servers via dovecot
short and clear :) thanks... I was also heading into this direction and will get to them with this issue On 18/04/2019 08:20, Aki Tuomi via dovecot wrote: On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote:

Re: Documentation update

2019-04-18 Thread Aki Tuomi via dovecot
On 17.4.2019 15.17, azurit--- via dovecot wrote: > Hi guys, > > this page needs to be updated: > https://wiki2.dovecot.org/MailLocation/Maildir#Control_files > > (link was from here: https://wiki2.dovecot.org/MailLocation) > > Section 'Control files' is mentioning only 2 files but, in fact, >

Re: Problem with mysql backend and SSL ciphers

2019-04-18 Thread Aki Tuomi via dovecot
On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2".

Re: Full mail

2019-04-18 Thread Aki Tuomi via dovecot
Set mail_debug=no That message is telling that imap process is opening mail because it needs the full mail for some purpose. It's a *debug* message so feel free to ignore it. Aki On 18.4.2019 0.43, Yevgeny Kosarzhevsky via dovecot wrote: > Hello, > > I am getting strange messages on logs and I