Yes, all versions in our archive are affected. Below I have the openwall message and extracted the corresponding commits needed to address each CVE.
* CVE-2024-23184 (https://www.openwall.com/lists/oss-security/2024/08/15/3)
  - https://github.com/dovecot/core/commit/f8b5e476dce314ea3f557330eeaa9c5b29159957
  - https://github.com/dovecot/core/commit/1a40011fc16b244ba88fa1d1d7d3d2da9d937ec5
  - https://github.com/dovecot/core/commit/736dfdbf49826c4a30af9d88f092733be78b3b21
  - https://github.com/dovecot/core/commit/60833b7b3097a390445ef09436c3428678aa4ab5
  - https://github.com/dovecot/core/commit/1185787db8b5ad50615dbb599f5515151acb6b12
  - https://github.com/dovecot/core/commit/3068b0cc6e9af71e4121c3eaeefbc7b8444285fa
* CVE-2024-23185 (https://www.openwall.com/lists/oss-security/2024/08/15/4)
  - https://github.com/dovecot/core/commit/586b3603a57e2a40534d4c69e8ac2a045e8e3128
  - https://github.com/dovecot/core/commit/835ff53ee78d2ff2c01b56c40cb9315f77f41758

--
https://bugs.launchpad.net/bugs/2077324
Title: 2.3.21.1 released mitigating CVE-2024-23184/CVE-2024-23185