On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > On 02.12.2016 10:45, Jonas Wielicki wrote: > > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > > > We are sorry to report that we have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings you are ok. This is fixed with > > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > > > 4be960cff13 > > > a5a725ae and > > > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d > > > 57351fd42c6 > > > 7a8612fc > > > > > > Important vulnerability in Dovecot (CVE-2016-8562) > > > > Are you sure about the CVE number? According to Debian [1] and > > mitre [2], it’s > > for SIEMENS something, not Dovecot. > > > > best regards, > > Jonas Wielicki > > > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > > 2 > > Ups, sent wrong number, correct is CVE-2016-8652.
That is the same number, no?
