Comment 0 for bug 1381537

Benjamin Greiner (greiner) wrote :

The current version of dovecot in Ubuntu 12.04 LTS, Precise Pangolin, is 2.0.19.

This version is too old to switch off SSLv3, which has been designated insecure as of the recent "poodle" discovery [1].
In dovecot versions 2.1+, the protocol can be switched off, but for older versions the source code would need to be patched [2,3].

I asked the Ubuntu team to either backport a patch to 2.0.19, or package a newer version of dovecot for precise.

[1] https://www.openssl.org/~bodo/ssl-poodle.pdf
[2] http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
[3] http://<email address hidden>/msg59945.html

source package in precise security: dovecot 1:2.0.19-0ubuntu2.1