[Dovecot-news] v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via Dovecot-news
Lets try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-10691: Trying to login with 8bit username containing  

[Dovecot-news] CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.

2019-04-18 Thread Aki Tuomi via Dovecot-news
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.doveco

[Dovecot-news] v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via Dovecot-news
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header