| Summary: | dovecot possible new security issue CVE-2019-19722 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Stig-Ørjan Smelror <smelror> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | smelror |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | dovecot-2.3.7.2-3.mga8.src.rpm | CVE: | CVE-2019-19722 |
| Status comment: | |||
|
Description
David Walser
2019-12-13 12:13:25 CET
2.3.9.1 pushed to Cauldron. Can't find any info if older versions are affected or not. If wanted, I can push 2.3.9.1 to Mageia 7 to be on the safe side. Cheers, Stig CC:
(none) =>
smelror I guess we can wait and see what other distros do. Resolution:
(none) =>
FIXED You'll need to update again to 2.3.9.2 though: https://www.openwall.com/lists/oss-security/2019/12/13/3 https://dovecot.org/pipermail/dovecot/2019-December/117893.html One more reference: https://dovecot.org/pipermail/dovecot/2019-December/117894.html 2.3.9.2 pushed to Cauldron. Fedora has issued an advisory for this on January 8: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/ Still doesn't clearly indicate that older versions are affected though. Severity:
normal =>
major |