Hi Eric, I don't think I understand your answer :).
I'll try to upgrade to the package available in testing inventory. Thanks, I. On Fri, Sep 27, 2019 at 5:36 PM Eric Broch <[email protected]> wrote: > In Dovecot before 2.2.36.4 and 2.3.x *before* 2.3.7.2 (and Pigeonhole > before 0.5.7.2), protocol processing can fail for quoted strings. This > occurs because '\0' characters are mishandled, and can lead to > out-of-bounds writes and remote code execution. > On 9/27/2019 3:10 AM, Ionut Hoza wrote: > > Hi all, > > Are there any plans to address this security vulnerability and publish a > patched package in the qmt current repository ? > https://nvd.nist.gov/vuln/detail/CVE-2019-11500 > > Currently I'm using 2.2.35-23 (built in 2018). > > I saw there is dovecot 2.3.7.2 rpm package in testing repository, does > that contains the fix ? Any advices (issues) regarding upgrading dovecot > from 2.2.35 to 2.3.7.2 ? > > Thanks in advance, > -I. > >
