On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote:> > On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >> When can we expect 2.2.17 to resolve this? > > As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons.Oh, forgot to post also the committed patch fixing this: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
* Timo Sirainen schrieb am 28.04.15 um 11:35 Uhr:>On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: >> >> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >>> When can we expect 2.2.17 to resolve this? >> >> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons. > >Oh, forgot to post also the committed patch fixing this: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750Hi Timo, does this affect 2.2.16 *only*? thx -Marc -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
On 28 Apr 2015, at 11:43, Marc Schiffbauer <m at sys4.de> wrote:> > * Timo Sirainen schrieb am 28.04.15 um 11:35 Uhr: >> On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: >>> >>> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >>>> When can we expect 2.2.17 to resolve this? >>> >>> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't see this as especially critical issue. But I'm planning on v2.2.17 release sometimes soon anyway for other reasons. >> >> Oh, forgot to post also the committed patch fixing this: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750 > > Hi Timo, > > does this affect 2.2.16 *only*?The code has been there v2.2.14 - v2.2.16. I'm not sure if it could have affected older versions also in some way.
On 4/28/15, Timo Sirainen <tss at iki.fi> wrote:> On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: >> >> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >>> When can we expect 2.2.17 to resolve this? >> >> As far as I know this doesn't affect any of the major distributions where >> Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard iMost of those distributions are way outdate version anyway, if they were not maybe problem be seen too>> happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I >> don't see this as especially critical issue. But I'm planning on v2.2.17 >> release sometimes soon anyway for other reasons. > > Oh, forgot to post also the committed patch fixing this: > http://hg.dovecot.org/dovecot-2.2/rev/86f535375750 >Thank you, with couple million users we can not afford take chance, so will apply patch this morning on all servers.