In Dovecot before and 2.3.x before (and Pigeonhole before, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

On 9/27/2019 3:10 AM, Ionut Hoza wrote:
Hi all,

Are there any plans to address this security vulnerability and publish a patched package in the qmt current repository?

Currently I'm using 2.2.35-23 (built in 2018).

I saw there is a dovecot rpm package in the testing repository; does that contain the fix? Any advice (issues) regarding upgrading dovecot from 2.2.35 to ?

Thanks in advance,

