Bugtraq mailing list archives

Re: rPSA-2008-0001-1 dovecot
From: Dominic Hargreaves <dom () earth li>
Date: Fri, 4 Jan 2008 09:16:20 +0000

On Thu, Jan 03, 2008 at 08:13:04PM -0500, Steven M. Christey wrote:

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598

This CVE does not exist - do you mean
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

No, CVE-2007-6598 is correct.  Sometimes a CVE number is publicly used
before it has been updated on the public CVE web server, especially
with Linux distros (a couple Debian advisories today currently have
the same issue).  This "race condition" is an artifact of our CVE
reservation and web site processes.  This particular item will be on
the CVE site shortly.

http://wiki.rpath.com/Advisories:rPSA-2008-0001

This is rather misleading - the bug was not in Dovecot, but in
nss_ldap.  You may have put a workaround into Dovecot, but it would
have been polite to mention this fact.

The announcement from Timo Sirainen, the upstream developer, does not
mention nss_ldap:

  http://dovecot.org/list/dovecot-news/2007-December/000057.html
  http://dovecot.org/list/dovecot-news/2007-December/000058.html

... so perhaps some clarification is in order.

My apologies then - it looks like I made a bad assumption!

Cheers,

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

