CVE-2015-3420
Timo Sirainen
tss at iki.fi
Tue Apr 28 09:35:45 UTC 2015
On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote:
>
> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
>> When can we expect 2.2.17 to resolve this?
>
> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons.
Oh, forgot to post also the committed patch fixing this: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
More information about the dovecot
mailing list