Opened 4 years ago

Closed 4 years ago

#12907 closed defect (fixed)

dovecot-2.3.9.2

Reported by: Bruce Dubbs Owned by: Tim Tassonis
Priority: high Milestone: 9.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by ken@…)

New micro version.

In fact two micro versions, the first has a CVE. From https://dovecot.org/doc/NEWS :

v2.3.9.2 2019-12-13 Aki Tuomi <aki.tuomi@…>

  • Mails with empty From/To headers can also cause crash in push notification drivers.

v2.3.9.1 2019-12-13 Aki Tuomi <aki.tuomi@…>

  • CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers.

Change History (3)

comment:1 by ken@…, 4 years ago

Description: modified (diff)
Priority: normalhigh
Type: enhancementdefect

comment:2 by Tim Tassonis, 4 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: newassigned

comment:3 by Tim Tassonis, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed in revision 22475.

Note: See TracTickets for help on using tickets.