Hi all, This just popped up on my radar:
https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html They published a new version of Dovecot and it closes a vulnerability: * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. It's been quite a long while since Dovecot had any known vulnerabilities, so this is indeed kind of unexpected. I'm now checking if the Dovecots on 5209R and 5210R are affected by this. 5210R uses the CentOS 8 Dovecot and upstream doesn't have an updated version yet. 5209R uses a Dovecot I've built from the sources, so I'll provide an update for it within the next couple of hours. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
