Hi all!
We are pleased to release v0.5.21 of Pigeonhole.
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.21.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in
Hi all!
We are pleased to release v2.3.21 of Dovecot.
https://dovecot.org/releases/2.3/dovecot-2.3.21.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.21.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
Regards,
Aki Tuomi
We are pleased to release v0.5.20 of Pigeonhole.
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.20.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in
We are pleased to release v2.3.20 of Dovecot.
https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
Regards,
Aki Tuomi
Open-Xchange
> On 06/07/2022 16:54 EEST Aki Tuomi via Dovecot-news
> wrote:
>
>
> Affected product: Dovecot IMAP Server
> Internal reference: DOV-5320
> Vulnerability type: Improper Access Control (CWE-284)
> Vulnerable version: 2.2
> Vulnerable component: submission
>
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor
Hi everyone!
Due to a severe bug in doveadm deduplicate, we are releasing patch release
2.3.19.1. Please find it at locations below:
https://dovecot.org/releases/2.3/dovecot-2.3.19.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.19.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
> On 10/05/2022 09:33 Aki Tuomi wrote:
>
>
> Hi all!
>
> We are pleased to release v0.5.19 of Pigeonhole.
>
> This release is done to maintain parity with dovecot 2.3.19 release, so it
> does not contain any news-worthy changes.
>
>
Hi all!
We are pleased to release v0.5.19 of Pigeonhole.
This release is done to maintain parity with dovecot 2.3.19 release, so it does
not contain any news-worthy changes.
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.18.tar.gz
Hi all!
We are pleased to release v2.3.19 of Dovecot.
The docker images have been upgraded to use bullseye as base image.
https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images
Dear subscribers,
This year we will be releasing a new Dovecot major release. In preparations for
this, we are doing some repository changes,
which will affect you if you are using our git repositories. These changes will
become effective after 14th of February.
Following branch name changes
Hi all!
We are pleased to release v0.5.18 of Pigeonhole.
Debian/Stretch support has now been dropped.
CentOS 8 packages have been replaced with RedHat Enterprise Linux 8 packages.
These should be compatible with all the various variants.
Hi all!
We are pleased to release v2.3.18 of Dovecot.
Debian/Stretch support has now been dropped.
CentOS 8 packages have been replaced with RedHat Enterprise Linux 8 packages.
These should be compatible with all the various variants.
https://dovecot.org/releases/2.3/dovecot-2.3.18.tar.gz
Open-Xchange Security Advisory 2019-12-13
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Hi all!
We are pleased to release v2.3.9.1 of Dovecot. Please find it from
locations below
https://dovecot.org/releases/2.3/dovecot-2.3.9.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.9.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in
Hi all!
We are pleased to release v0.5.9 of Pigeonhole. Please find it from
locations below
---
Aki Tuomi
Open-Xchange oy
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.9.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.9.tar.gz.sig
Binary
Hi all!
We are pleased to release v2.3.9 of Dovecot. Please find it from
locations below
---
Aki Tuomi
Open-Xchange oy
https://dovecot.org/releases/2.3/dovecot-2.3.9.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.9.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in
On 9.10.2019 9.01, Aki Tuomi via Dovecot-news wrote:
> Hi!
>
> We have now buster packages available starting from 2.3.8. You can find
> them from https://repo.dovecot.org/
>
> In related news, we are planning on dropping packages for Debian Jessie,
> Ubuntu 18 and CentOS
Hi!
We have now buster packages available starting from 2.3.8. You can find
them from https://repo.dovecot.org/
In related news, we are planning on dropping packages for Debian Jessie,
Ubuntu 18 and CentOS6 starting from 2.3.9.
---
Aki Tuomi
Open-Xchange oy
signature.asc
Description: OpenPGP
https://dovecot.org/releases/2.3/dovecot-2.3.8.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.8.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Changes
+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All
Hi!
We are pleased to release Pigeonhole release v0.5.7.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
Binary packages are available at
Hi!
We are pleased to release Dovecot release v2.2.36.4
Tarball is available at
https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.3.36.4.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500:
Hi!
We are pleased to release Dovecot release v2.3.7.2
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11500: IMAP
Hi!
We are pleased to release Dovecot release v2.3.7.
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* fts-solr: Removed
Hi!
We are pleased to release Pigeonhole 0.5.6 for Dovecot 2.3.6.
Tarball
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig
Binary packages can be found from
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3223 (Bug ID)
Vulnerability type: CWE-617
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3212 (Bug ID)
Vulnerability type: CWE-476
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Researcher credits: Marcelo Coelho
Solution
Hi!
We are pleased to release Dovecot v2.3.6.
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* CVE-2019-11494: Submission-login
Lets try again, put wrong changelog to the mail. Sorry about this.
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig
Binary packages in https://repo.dovecot.org/
* CVE-2019-10691: Trying to login with 8bit username containing
On 28.3.2019 13.41, Aki Tuomi via dovecot wrote:
> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
>
> * CVE-2019-7524: Missing input buffer size validation leads into
> arbitrary buffer overflow when reading fts or
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-2964 (Bug ID)
Vulnerability type: CWE-120
Vulnerable version: 2.0.14 - 2.3.5
Vulnerable component: fts, pop3-uidl-plugin
Report confidence: Confirmed
Researcher credits: Found in internal testing
Solution status: Fixed by Vendor
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this
Hi!
We are happy to release pigeonhole v0.5.5 for dovecot v2.3.5.
Please find sources at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.5.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig
(Please note that the signing key has
Hi!
We are happy to release dovecot v2.3.5.
Please find sources at
https://dovecot.org/releases/2.3/dovecot-2.3.5.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.tar.gz.sig
You can find precompiled binaries at
https://repo.dovecot.org/
NEWS:
+ Lua push notification driver: mail
Did I say so? It's known issue and will be fixed in future release.
Aki
On 05 February 2019 at 22:27 Odhiambo Washington via dovecot <
dove...@dovecot.org> wrote:
Oh, so manual compile should NOT work and it's
On 05 February 2019 at 22:18 Odhiambo Washington via dovecot <
dove...@dovecot.org> wrote:
On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <
dove...@dovecot.org>
wrote:
Due to
Due to DMARC issues some people have failed to receive the latest security
information, so here it is repeated for both releases:
2.3.4.1
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
39 matches
Mail list logo
