On 04.01.2021 14:02, Dan Malm wrote:
> On 2021-01-04 13:03, Aki Tuomi wrote:
>> Vulnerable version: 2.2.26-2.3.11.3
>> Fixed version: 2.3.13
> No fix for 2.2.36?
>
Hi
Probably not fixed - my heart's been broken to - but this solutions
"imap_hibernate_timeout = 0" probably save you...
--
Maciej Mi
..@dovecot.org; dovecot@dovecot.org
> Subject: CVE-2020-24386: IMAP hibernation allows accessing other peoples
> mail
>
> Open-Xchange Security Advisory 2021-01-04
>
> Product: Dovecot
> Vendor: OX Software GmbH
> Internal reference: DOP-2009 (Bug ID)
> Vulnerability type: CW
> On 04/01/2021 15:02 Dan Malm wrote:
>
>
> On 2021-01-04 13:03, Aki Tuomi wrote:
> > Vulnerable version: 2.2.26-2.3.11.3
> > Fixed version: 2.3.13
>
> No fix for 2.2.36?
>
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
We have not made fix for 2.2.36 as it's EOLed.
Aki
I guess redhat will backport it.
-Original Message-
Sent: 04 January 2021 14:02
To: dovecot@dovecot.org
Subject: Re: CVE-2020-24386: IMAP hibernation allows accessing other
peoples mail
On 2021-01-04 13:03, Aki Tuomi wrote:
> Vulnerable version: 2.2.26-2.3.11.3
> Fixed v
On 2021-01-04 13:03, Aki Tuomi wrote:
> Vulnerable version: 2.2.26-2.3.11.3
> Fixed version: 2.3.13
No fix for 2.2.36?
--
BR/Mvh. Dan Malm, Systems Engineer, One.com
This also applies when you have users seperated at os level?
-Original Message-
Sent: 04 January 2021 13:03
To: dovecot-n...@dovecot.org; dovecot@dovecot.org
Subject: CVE-2020-24386: IMAP hibernation allows accessing other peoples
mail
Open-Xchange Security Advisory 2021-01-04
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOP-2009 (Bug ID)
Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or
Control Sequences
Vulnerable version: 2.2.26-2.3.11.3
Vulnerable component: imap
Report confidence: Con
