Fwd: Request to update dovecot to release v2.3.10.1
I am not sure if this should be here or in the security list:
Over on the dovecot-news mailing list they have announced three
vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
I am no expert, but it looks like in each case a remote attacker could
cause a vulnerable server to crash by sending a malformed email.
Dovecot have released v2.3.10.1 to fix these issues, but that version
has not appeared in Debian, and as far as I can tell the fixes to the
above issues have not been backported to an older release.
Could we have an updated release please?
--
David Pottage
Reply to: