Where is the Dovecot security fix????

[hunter86_bg]

SuSE still haven't patched all their products - so RedHat is a little bit faster.
Of course , you can always switch to openBSD

Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.

[bonedome]

Hello
does this page not fix the problem https://repo.dovecot.org/#centos ?

[TrevorH]

That means going outside the distro and that's not really the right way to fix it.

[SpaceAce]

Just because SuSE is even slower than RedHat does not make this any better!
I critical security issue should not take months to be fixed!
It should rather be days instead!

[KernelOops]

I've been tracking this bug for several weeks now and it seems like redhat does not see it as a critical issue.

Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.

[Pumpino]

As a followup question, does anyone know why RHEL 8 includes the same ancient version (2.2.36) of dovecot that RHEL 7 does? Why wouldn't they have moved to the 2.3 series?