Hi Eric,

I don't think I understand your answer :).

I'll try to upgrade to the package available in testing inventory.

Thanks,
I.

On Fri, Sep 27, 2019 at 5:36 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

> In Dovecot before 2.2.36.4 and 2.3.x *before* 2.3.7.2 (and Pigeonhole
> before 0.5.7.2), protocol processing can fail for quoted strings. This
> occurs because '\0' characters are mishandled, and can lead to
> out-of-bounds writes and remote code execution.
>
> On 9/27/2019 3:10 AM, Ionut Hoza wrote:
>
> Hi all,
>
> Are there any plans to address this security vulnerability and publish a
> patched package in the qmt current repository?
> https://nvd.nist.gov/vuln/detail/CVE-2019-11500
>
> Currently I'm using 2.2.35-23 (built in 2018).
>
> I saw there is a dovecot 2.3.7.2 rpm package in the testing repository; does
> that contain the fix? Any advice (issues) regarding upgrading dovecot
> from 2.2.35 to 2.3.7.2?
>
> Thanks in advance,
> -I.
>
>
