See https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
hmm one could say waiting for distro repo.....
What should be policy with higher risks CVE's ?
I think there must be a special forum main topic for that here, to warn at time and have faster if high risk updates or temp workarrounds?
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4
Vulnerable component: IMAP and ManageSieve protocol parsers (before and
only using this also as example for having such here in forum!