On 11.04.2017 11:04, Apollon Oikonomopoulos wrote: > Hi, > > On 09:00 Tue 11 Apr , Salvatore Bonaccorso wrote: >> So the problem is present, and was a quite bad mistake on my end. Aki >> tracked it down, and although the patch applies back to 2.2.10 the >> vulnerability itself was only introduced with >> https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22 >> and thus not back to 2.2.10. > git describe --contains d28ac272af22913188bbd6a71833560ad26b2e6c > 2.2.26~369 > > So, it's only Stretch that's currently affected. Aki, just to make sure, > there's no need to cherry-pick anything more than 21d083ff for 2.2.27 to > be fixed, right? > > Regards, > Apollon
That should be enough, yes. Aki
