DOVECOT security when and still waiting for a main SECURITY part here in forum

1 post / 0 new
#1 Fri, 08/30/2019 - 05:12
Jfro

DOVECOT security when and still waiting for a main SECURITY part here in forum

See https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html

hmm one could say waiting for distro repo.....

What should be policy with higher risks CVE's ?

I think there must be a special forum main topic for that here, to warn at time and have faster if high risk updates or temp workarrounds?

Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.

---

Open-Xchange Security Advisory 2019-08-14

Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4
Vulnerable component: IMAP and ManageSieve protocol parsers (before and

only using this also as example for having such here in forum!