Hi!
We are pleased to release Dovecot release v2.3.7.2
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500: IMAP
Hi,
I use a post login script for imap, to fetch acl groups from LDAP. Because
Dovecot can only deal with a single value, which must be a comma seperated list
of groups, I decided to use a post login script do deal with multi values in
LDAP:
This looks like this in LDAP:
rnsMSACLGroup: admin
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All
> On Aug 28, 2019, at 8:07 AM, Timo Sirainen via dovecot
> wrote:
>
>> On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot
>> wrote:
>>
>> Hi,
>>
>> In many mail setups a required feature (for privacy reasons) is to
>> hide the host and IP of clients (in the "Received" header) that
On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot
wrote:
>
> Hi,
>
> In many mail setups a required feature (for privacy reasons) is to
> hide the host and IP of clients (in the "Received" header) that use
> the authenticated submission over port 587. In Postfix that's
> possible
Hi!
We are pleased to release Pigeonhole release v0.4.24.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig
Changes
---
* CVE-2019-11500:
Hi!
We are pleased to release Pigeonhole release v0.5.7.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
Binary packages are available at
Hi!
We are pleased to release Dovecot release v2.2.36.4
Tarball is available at
https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.3.36.4.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500:
On 2019-08-28 14:07, Timo Sirainen via dovecot wrote:
On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot
wrote:
Hi,
In many mail setups a required feature (for privacy reasons) is to
hide the host and IP of clients (in the "Received" header) that use
the authenticated submission over
On 28/08/2019 14:58, Christoph Pleger via dovecot wrote:
Hello,
On 2019-08-28 14:10, Aki Tuomi via dovecot wrote:
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
Has this already been fixed in 2.2.36.4? Changelog does not mention it.
On 28/08/2019 16:58 Christoph Pleger via dovecot <
dovecot@dovecot.org> wrote:
Hello,
On 2019-08-28 14:10, Aki Tuomi via dovecot wrote:
Dear subscribers, we have been made aware of
Further information below.
> Am 28.08.2019 um 14:52 schrieb R.N.S. via dovecot :
>
> Hi,
>
> I use a post login script for imap, to fetch acl groups from LDAP. Because
> Dovecot can only deal with a single value, which must be a comma seperated
> list of groups, I decided to use a post login
Hello,
On 2019-08-28 14:10, Aki Tuomi via dovecot wrote:
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
Has this already been fixed in 2.2.36.4? Changelog does not mention it.
Regards
Christoph
Timo Sirainen wrote:
> Yeah, it would be useful to hide the client's IP and do it by
> default. Actually I think there shouldn't even be an option to not
> hide it. Or would it be better or worse to just not have the
> Received header added at all?
I don't think it's a good idea to just hide the
Aki Tuomi, 28.08.19, 14:06 CEST:
> Tarball is available at
>
> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz
> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig
On
https://pigeonhole.dovecot.org/download.html
the link to
> On 28/08/2019 21:07 R.N.S. via dovecot wrote:
>
>
> > Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot :
> >
> >
> >> On 28/08/2019 21:01 R.N.S. via dovecot wrote:
> >>
> >>
> >>> Am 28.08.2019 um 19:46 schrieb Jakobus Schürz via dovecot
> >>> :
> >>>
> >>> I think, i had the
> On 28/08/2019 21:01 R.N.S. via dovecot wrote:
>
>
> > Am 28.08.2019 um 19:46 schrieb Jakobus Schürz via dovecot
> > :
> >
> > I think, i had the same problem as you.
> >
> > When dovecot runs lmtp, no user is logged in, so there is no user from
> > which you can get groups. So i think,
> Am 28.08.2019 um 19:46 schrieb Jakobus Schürz via dovecot
> :
>
> I think, i had the same problem as you.
>
> When dovecot runs lmtp, no user is logged in, so there is no user from
> which you can get groups. So i think, my solution is (not really sure,
> if this is right, it's a long time
> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot :
>
>
>> On 28/08/2019 21:01 R.N.S. via dovecot wrote:
>>
>>
>>> Am 28.08.2019 um 19:46 schrieb Jakobus Schürz via dovecot
>>> :
>>>
>>> I think, i had the same problem as you.
>>>
>>> When dovecot runs lmtp, no user is logged in,
> Am 28.08.2019 um 20:11 schrieb Aki Tuomi via dovecot :
>
>
>> On 28/08/2019 21:07 R.N.S. via dovecot wrote:
>>
>>
>>> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot :
>>>
>>>
On 28/08/2019 21:01 R.N.S. via dovecot wrote:
> Am 28.08.2019 um 19:46 schrieb
I think, i had the same problem as you.
When dovecot runs lmtp, no user is logged in, so there is no user from
which you can get groups. So i think, my solution is (not really sure,
if this is right, it's a long time ago, i played around) this transport
in exim for local delivery
On 28.8.2019 22.07, Markus Schönhaber via dovecot wrote:
> Aki Tuomi, 28.08.19, 14:06 CEST:
>
>> Tarball is available at
>>
>> https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz
>>
Hi!
We are pleased to release Dovecot release v2.3.7.2
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500: IMAP
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All
Hi!
We are pleased to release Pigeonhole release v0.5.7.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
Binary packages are available at
Hi!
We are pleased to release Dovecot release v2.2.36.4
Tarball is available at
https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.3.36.4.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500:
26 matches
Mail list logo
