[Dovecot] Heartbleed openssl vulnerability?

Patrick Ben Koetter p at sys4.de
Tue Apr 8 17:21:05 UTC 2014


* John Rowe <J.M.Rowe at exeter.ac.uk>:
> Do we know if dovecot is vulnerable to the heartbleed SSL problem?

ANY application using the affected OpenSSL versions is vulnerable. That
includes dovecot.

> I'm running dovecot-2.0.9 and openssl-1.01, the latter being
> intrinsically vulnerable. An on-line tool says that my machine is not
> affected on port 993 but it would be nice to know for sure if we were
> vulnerable for a while. (Naturally I've blocked it anyway!).
> 
> Thanks
> 
> John

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the dovecot mailing list