Dovecot

Reply: The Doctor : "Re: Dovecot"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: @lbutlr <kremels_at_kreme.com>
Date: Thu, 01 Jul 2021 22:21:31 UTC

The current version of dovecot is 2.3.15. The newest ports version is 2.3.13_1 

dovecot-2.3.13_1 is vulnerable:
  dovecot -- multiple vulnerabilities
  CVE: CVE-2021-33515
  CVE: CVE-2021-29157
  WWW: https://vuxml.FreeBSD.org/freebsd/d18f431d-d360-11eb-a32c-00a0989e4ec1.html

dovecot-pigeonhole-0.5.13 is vulnerable:
  dovecot-pigeonhole -- Sieve excessive resource usage
  CVE: CVE-2020-28200
  WWW: https://vuxml.FreeBSD.org/freebsd/f3fc2b50-d36a-11eb-a32c-00a0989e4ec1.html

These CVEs were addressed in 2.3.14.1.

Any idea what the delay is?

-- 
Can I borrow your underpants for 10 minutes?