In Dovecot before 188.8.131.52 and 2.3.x before 184.108.40.206 (and Pigeonhole
before 0.5.7.2), protocol processing can fail for quoted strings. This
occurs because '\0' characters are mishandled, and can lead to
out-of-bounds writes and remote code execution.
On 9/27/2019 3:10 AM, Ionut Hoza wrote:
Are there any plans to address this security vulnerability and publish
a patched package in the qmt current repository?
Currently I'm using 2.2.35-23 (built in 2018).
I saw there is a dovecot 220.127.116.11 rpm package in the testing repository; does
that contain the fix? Any advice (issues) regarding upgrading
dovecot from 2.2.35 to 18.104.22.168?
Thanks in advance,