Bugtraq
mailing list archives
Re: rPSA-2008-0001-1 dovecot
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 3 Jan 2008 20:13:04 -0500 (EST)
> References:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598
> This CVE does not exist - do you mean
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used
before it has been updated on the public CVE web server, especially
with Linux distros (a couple Debian advisories today currently have
the same issue). This "race condition" is an artifact of our CVE
reservation and web site processes. This particular item will be on
the CVE site shortly.

> http://wiki.rpath.com/Advisories:rPSA-2008-0001
> This is rather misleading - the bug was not in Dovecot, but in
> nss_ldap. You may have put a workaround into Dovecot, but it would
> have been polite to mention this fact.

The announcement from Timo Sirainen, the upstream developer, does not
mention nss_ldap:
http://dovecot.org/list/dovecot-news/2007-December/000057.html
http://dovecot.org/list/dovecot-news/2007-December/000058.html
... so perhaps some clarification is in order.
- Steve