DOVECOT security when and still waiting for a main SECURITY part here in forum


hmm one could say waiting for distro repo…

What should be policy with higher risks CVE’s ?

I think there must be a special forum main topic for that here, to warn at time and have faster if high risk updates or temp workarrounds?

Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.

Open-Xchange Security Advisory 2019-08-14

Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to and
Vulnerable component: IMAP and ManageSieve protocol parsers (before and

only using this also as example for having such here in forum!