Hi, On 09:00 Tue 11 Apr , Salvatore Bonaccorso wrote: > So the problem is present, and was a quite bad mistake on my end. Aki > tracked it down, and although the patch applies back to 2.2.10 the > vulnerability itself was only introduced with > https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22 > and thus not back to 2.2.10.
git describe --contains d28ac272af22913188bbd6a71833560ad26b2e6c 2.2.26~369 So, it's only Stretch that's currently affected. Aki, just to make sure, there's no need to cherry-pick anything more than 21d083ff for 2.2.27 to be fixed, right? Regards, Apollon

