[BlueOnyx:23167] Re: dovecot CVE-2019-11500
Michael Stauber
mstauber at blueonyx.it
Sun Sep 1 03:26:44 -05 2019
Hi Christoph,
> Just a little heads-up as I didn't see this mentionned here, there seems
> to be a new vulnerability in dovecot:
>
> https://access.redhat.com/security/cve/cve-2019-11500
>
> https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
Thank you. This is indeed new and needs my attention. I'll roll out
updated Dovecot RPMs as soon as I can. As we might want to go directly
from 2.2.30 to 2.3.7.2 it'll be a bit more complicated than usual, though.
The RedHat announcement is interesting. Even though RHEL6 isn't EOL yet
(until third quarter 2020) they say "Out of support scope" for this
vulnerability? If I were a paying customer I'd be less than exited at
that. :p
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list