CVE-2015-3420

Marc Schiffbauer m at sys4.de
Tue Apr 28 09:43:28 UTC 2015


* Timo Sirainen schrieb am 28.04.15 um 11:35 Uhr:
>On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote:
>>
>> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
>>> When can we expect 2.2.17 to resolve this?
>>
>> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons.
>
>Oh, forgot to post also the committed patch fixing this: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750

Hi Timo,

does this affect 2.2.16 *only*?

thx
-Marc


-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


More information about the dovecot mailing list