Page 2 of 2
Re: Where is the Dovecot security fix????
Posted: 2019/09/23 21:30:00
by hunter86_bg
SuSE still haven't patched all their products - so RedHat is a little bit faster.
Of course , you can always switch to openBSD
Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.
Re: Where is the Dovecot security fix????
Posted: 2019/09/25 20:49:43
by bonedome
Hello
does this page not fix the problem
https://repo.dovecot.org/#centos ?
Re: Where is the Dovecot security fix????
Posted: 2019/09/25 20:50:18
by TrevorH
That means going outside the distro and that's not really the right way to fix it.
Re: Where is the Dovecot security fix????
Posted: 2019/10/04 16:39:58
by SpaceAce
Just because SuSE is even slower than RedHat does not make this any better!
I critical security issue should not take months to be fixed!
It should rather be days instead!
Re: Where is the Dovecot security fix????
Posted: 2019/10/04 19:18:45
by KernelOops
I've been tracking this bug for several weeks now and it seems like redhat does not see it as a critical issue.
Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
Re: Where is the Dovecot security fix????
Posted: 2019/11/25 19:49:08
by Pumpino
As a followup question, does anyone know why RHEL 8 includes the same ancient version (2.2.36) of dovecot that RHEL 7 does? Why wouldn't they have moved to the 2.3 series?