Summary: | net-mail/dovecot: Buffer overflows due to null bytes in imap and managedsieve parser | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | | |
Severity: | normal | CC: | christian, eras |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.openwall.com/lists/oss-security/2019/08/28/3 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Hanno Böck
2019-08-28 15:52:13 UTC
Pigeonhole is also affected (gets installed with dovecot with USE="sieve"), fix is in 0.5.7.2: https://raw.githubusercontent.com/dovecot/pigeonhole/0.5.7.2/NEWS

FWIW, bumping ebuild to 2.3.7.2 built & running fine here with no other changes. I do not use sieve so cannot comment on it.

This is CVE-2019-11500 according to the oss-sec report.

Confirming that bumping to dovecot-2.3.7.2 with sieve_version=0.5.7.2 builds and runs on amd64. Sieve-based filtering still works.

*** This bug has been marked as a duplicate of bug 692572 ***