Thanks!
Get Outlook for Android
On Tue, Oct 1, 2019 at 4:10 AM -0600, "Ionut Hoza" wrote:
Hi,
I've upgraded to dovecot 2.3.7.2 from qmt-testing repository.All works as
expected after upgrade.
Upgrade notes to fix some WARNINGS (in case you manually updated toaster.conf
file
Hi,
I've upgraded to dovecot 2.3.7.2 from qmt-testing repository.
All works as expected after upgrade.
Upgrade notes to fix some WARNINGS (in case you manually updated
toaster.conf file):
1. ssl_dh_parameters_length is no longer required.
Oct 01 10:09:25 config: Warning: Obsolete setting in
/etc
Correct
On 9/30/2019 4:38 AM, Angus McIntyre wrote:
I think Eric is saying that the version in the testing repository --
which, as you said, is 2.3.7.2 -- fixes the vulnerability.
-
To unsubscribe, e-mail: qmailtoaster-list-u
I think Eric is saying that the version in the testing repository --
which, as you said, is 2.3.7.2 -- fixes the vulnerability.
The relevant part of the CVE-2019-11500 report -- which Eric quoted in
his message, with the key words emphasized -- says that this
vulnerability exists in versions o
Hi Eric,
I don't think I understand your answer :).
I'll try to upgrade to the package available in testing inventory.
Thanks,
I.
On Fri, Sep 27, 2019 at 5:36 PM Eric Broch wrote:
> In Dovecot before 2.2.36.4 and 2.3.x *before* 2.3.7.2 (and Pigeonhole
> before 0.5.7.2), protocol processing ca
In Dovecot before 2.2.36.4 and 2.3.x /*before*/ 2.3.7.2 (and Pigeonhole
before 0.5.7.2), protocol processing can fail for quoted strings. This
occurs because '\0' characters are mishandled, and can lead to
out-of-bounds writes and remote code execution.
On 9/27/2019 3:10 AM, Ionut Hoza wrote:
Hi all,
Are there any plans to address this security vulnerability and publish a
patched package in the qmt current repository ?
https://nvd.nist.gov/vuln/detail/CVE-2019-11500
Currently I'm using 2.2.35-23 (built in 2018).
I saw there is dovecot 2.3.7.2 rpm package in testing repository, does t