Source: dovecot Version: 1:2.3.4.1-4 Severity: grave Tags: security upstream Justification: user security hole
Hi, The following vulnerabilities were published for dovecot. CVE-2019-11494[0]: | Submission-login crashes with signal 11 due to null pointer access | when authentication is aborted by disconnecting. CVE-2019-11499[1]: | Submission-login crashes when authentication is started over TLS | secured channel and invalid authentication message is sent If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11494 https://dovecot.org/pipermail/dovecot/2019-April/115757.html [1] https://security-tracker.debian.org/tracker/CVE-2019-11499 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11499 https://dovecot.org/pipermail/dovecot/2019-April/115758.html Regards, Salvatore