On 28.3.2019 13.41, Aki Tuomi via dovecot wrote: > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig > > * CVE-2019-7524: Missing input buffer size validation leads into > arbitrary buffer overflow when reading fts or pop3 uidl header > from Dovecot index. Exploiting this requires direct write access to > the index files. > > --- > Aki Tuomi > Open-Xchange oy > Small mistake in the URLs, please use these.
https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.3.tar.gz.sig Aki
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dovecot-news mailing list [email protected] https://dovecot.org/mailman/listinfo/dovecot-news
