> On 18 April 2019 14:40 Benny Pedersen via dovecot <dovecot@dovecot.org> wrote:
> 
>  
> Aki Tuomi via dovecot skrev den 2019-04-18 11:35:
> 
> >     * CVE-2019-10691: Trying to login with 8bit username containing
> >       invalid UTF8 input causes auth process to crash if auth policy is
> >       enabled. This could be used rather easily to cause a DoS. Similar
> >       crash also happens during mail delivery when using invalid UTF8 
> > in
> >       From or Subject header when OX push notification driver is used.
> 
> can this aswell crash dovecot policy service so check policy service on 
> postfix tempfails ?

I am not sure what "dovecot policy service" you mean

This bug only affects push notifications and auth policy (e.g. weakforced) 
connector, as they send out JSON. The crash isn't related to UTF-8 input 
handling as per such.

Aki

Reply via email to