Re: Dovecot v2.3.21.1 released

2024-09-05 Thread Guilhem Moulin via dovecot
Hi Aki,

> we are releasing a CVE patch release 2.3.21.1.

Your message to the oss-security list [0] says both 2.2 and 2.3 versions are vulnerable to CVE-2024-23184. Using the following test message as reproducer

From: f...@example.net To: b...@example.net , b...@example.net [

IMAP session hangs on 8k-long commands if COMPRESS=DEFLATE is enabled

2019-11-12 Thread Guilhem Moulin via dovecot
Hi there, Dovecot 2.3.7 appears to hang when the client sends a long command after enabling the IMAP COMPRESS extension [RFC 4978]. PoC script attached along with the doveconf(1) output. Without COMPRESS=DEFLATE, and with the default ‘imap_max_line_length’ value (64k) I'm able to send commands up t

RFC 5258 violation: incomplete response for "LIST ($OPT RECURSIVEMATCH) ..."

2019-11-12 Thread Guilhem Moulin via dovecot
Hi there, RFC 5258 (IMAP4 LIST command extensions) defines a ‘RECURSIVEMATCH’ selection option which “forces the server to return information about parent mailboxes that don't match other selection options, but have some submailboxes that do.” (Section 3.5 makes the requirement even clearer.) Ho

Race condition in IMAP NOTIFY for events received NOTIFY_DELAY_MSECS apart

2019-05-25 Thread Guilhem Moulin via dovecot
Hi there, There seems to be a race condition in IMAP NOTIFY: when two events for the SELECTED mailbox are received soon after one another, sometimes only the first one is being reported to clients that enabled IMAP NOTIFY. On closer look it seems like this is most often reproducible when the delay