<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: rPSA-2008-0001-1 dovecot

Re: rPSA-2008-0001-1 dovecot

From: Jonathan Smith <smithj_at_rpath.com>
Date: Thu, 03 Jan 2008 22:31:59 -0900

Steven M. Christey wrote:
> No, CVE-2007-6598 is correct.
> [snip]
> The announcement from Timo Sirainen, the upstream developer, does not
> mention nss_ldap :
>
> http://dovecot.org/list/dovecot-news/2007-December/000057.html
> http://dovecot.org/list/dovecot-news/2007-December/000058.html
>
> ... so perhaps some clarification is in order.

rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Our
mailing list archived it at
http://lists.rpath.com/pipermail/security-announce/2007-November/000284.html,
but it should have been sent to bugtraq as well.

The fix did not require any modifications to dovecot, so that is why
dovecot wasn't mentioned in the advisory.

smithj
Received on Jan 04 2008

This message: [ Message body ]
Next message: Luigi Auriemma: "Multiple vulnerabilities in yaSSL 1.7.5"
Previous message: Dominic Hargreaves: "Re: rPSA-2008-0001-1 dovecot"
In reply to: Steven M. Christey: "Re: rPSA-2008-0001-1 dovecot"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]