[3.2] dovecot: Buffer overflow when handling pop3_deleted_flag setting
An exploitable buffer overflow vulnerability was fixed in dovecot
2.2.19
when handling pop3_deleted_flag setting. The vulnerability has been
present since 2.2.10 version.
No CVE for now.
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1276607
https://bugs.mageia.org/show\_bug.cgi?id=17162
Upstream patch:
http://hg.dovecot.org/dovecot-2.2/rev/05e0700daea3
(from redmine: issue id 4893, created on 2015-11-24, closed on 2015-11-30)
- Relations:
- parent #4892 (closed)
- Changesets:
- Revision 5b26076c by Natanael Copa on 2015-11-30T13:53:13Z:
main/dovecot: security upgrade to 2.2.19
fixes #4893