AVG-2087 log
| Package | dovecot |
| Status | Fixed |
| Severity | High |
| Type | information disclosure |
| Affected | 2.3.14-2 |
| Fixed | 2.3.15-1 |
| Current | 2.4.2-4 [extra] |
| Ticket | None |
| Created | Mon Jun 21 14:43:15 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-33515 | High | Yes | Information disclosure | A security issue has been found in Dovecot before version 2.3.14.1. An on-path attacker could inject plaintext commands before the STARTTLS negotiation that... |
| CVE-2021-29157 | Medium | No | Information disclosure | A security issue has been found in Dovecot before version 2.3.14.1. The kid and azp fields in JWT tokens are not correctly escaped. This may be used to... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 22 Jun 2021 | ASA-202106-56 | dovecot | information disclosure |