Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11874 closed enhancement (fixed)

dovecot-2.3.5.1

Reported by: Douglas R. Reno Owned by: Tim Tassonis
Priority: high Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Priority: normalhigh

v2.3.5.1 2019-03-28

  • CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.

comment:2 by Tim Tassonis, 5 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: newassigned

comment:3 by Tim Tassonis, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed in revision 21414.

comment:4 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.