[Dovecot] Heartbleed openssl vulnerability?
Patrick Ben Koetter
p at sys4.de
Tue Apr 8 17:21:05 UTC 2014
* John Rowe <J.M.Rowe at exeter.ac.uk>:
> Do we know if dovecot is vulnerable to the heartbleed SSL problem?
ANY application using the affected OpenSSL versions is vulnerable. That
includes dovecot.
> I'm running dovecot-2.0.9 and openssl-1.01, the latter being
> intrinsically vulnerable. An on-line tool says that my machine is not
> affected on port 993 but it would be nice to know for sure if we were
> vulnerable for a while. (Naturally I've blocked it anyway!).
>
> Thanks
>
> John
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dovecot
mailing list