On Monday April 28 2014 15:45:13 Clemens Lang wrote:

> Hi Winfried
>
> > I reinstalled dovecot from the MacPorts packages server but to no avail. The
> > vulnerability is still there.

[...]

> > To summarize:
> > - dovecot is vulnerable on my system regardless of whether the binaries are
> >   built via MacPorts or via the original tarballs.
> > - apache is not vulnerable using the same OpenSSL library.
> > - dovecot is not vulnerable if the machine is safe-booted.
>
> This is all really weird.

I haven't read the whole thread in detail, so surely this has been done already - did you check what openssl binary gets loaded (or more generally, what files get loaded, for instance using lsof) by dovecot and/or apache, in regular vs. safeboot mode?

The first thought your symptoms above evoke is that you have a vulnerable library hanging around that gets loaded instead of the up-to-date version when you've booted normally.

R
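
The lsof comparison suggested in the reply above, as an added example that is not part of the original message. It assumes captures saved with `lsof -p PID -F n` in each boot mode and MacPorts installed under its default `/opt/local` prefix; the function names are hypothetical and the sample captures are constructed.

```shell
#!/bin/sh
# Added example. Input is the output of `lsof -p PID -F n` (one field per
# line, file names prefixed with "n"), saved once per boot mode.
# Assumption: MacPorts is installed under its default prefix, /opt/local.
EXPECTED_PREFIX="${EXPECTED_PREFIX:-/opt/local/lib}"

# Print the unique libssl/libcrypto paths named in a capture read from stdin.
ssl_libs() {
    sed -n 's/^n//p' |
        grep -E '/lib(ssl|crypto)[^/]*\.(dylib|so)[^/]*$' |
        sort -u
}

# Print the OpenSSL libraries that were not loaded from EXPECTED_PREFIX.
unexpected_libs() {
    ssl_libs | while IFS= read -r path; do
        case "$path" in
            "$EXPECTED_PREFIX"/*) ;;
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Print libraries loaded in capture $1 (normal boot) but not in $2 (safe boot).
only_in_normal_boot() {
    a=$(mktemp) && b=$(mktemp) || return 1
    ssl_libs < "$1" > "$a"
    ssl_libs < "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample captures (not taken from the poster's machine).
sample_normal() {
    printf '%s\n' p412 fcwd n/ ftxt n/opt/local/sbin/dovecot \
        ftxt n/usr/local/lib/libssl.1.0.0.dylib \
        ftxt n/usr/local/lib/libcrypto.1.0.0.dylib ftxt n/usr/lib/libSystem.B.dylib
}
sample_safe() {
    printf '%s\n' p398 fcwd n/ ftxt n/opt/local/sbin/dovecot \
        ftxt n/opt/local/lib/libssl.1.0.0.dylib \
        ftxt n/opt/local/lib/libcrypto.1.0.0.dylib ftxt n/usr/lib/libSystem.B.dylib
}

# Demo on the constructed normal-boot capture: lists the stray copies.
sample_normal | unexpected_libs
```

On a live system the captures would come from running `lsof -p PID -F n` against the dovecot and apache processes after each kind of boot.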
