CVE-2015-3420

Timo Sirainen tss at iki.fi
Tue Apr 28 09:35:03 UTC 2015


On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
> When can we expect 2.2.17 to resolve this?

As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons.



More information about the dovecot mailing list