[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fwd: Request to update dovecot to release v2.3.10.1



I am not sure if this should be here or in the security list:

Over on the dovecot-news mailing list they have announced three vulnerabilities,

 - CVE-2020-10957
 - CVE-2020-10958
 - CVE-2020-10967

https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html

I am no expert, but it looks like in each case a remote attacker could cause a vulnerable server to crash by sending a malformed email.

Dovecot have released v2.3.10.1 to fix these issues, but that version has not appeared in Debian, and as far as I can tell the fixes to the above issues have not been backported to an older release.

Could we have an updated release please?

--
David Pottage


Reply to: