Bugtraq: Re: rPSA-2008-0001-1 dovecot

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: rPSA-2008-0001-1 dovecot

From: Jonathan Smith <smithj () rpath com>
Date: Thu, 03 Jan 2008 22:31:59 -0900

Steven M. Christey wrote:

No, CVE-2007-6598 is correct.

> [snip]

The announcement from Timo Sirainen, the upstream developer, does not
mention nss_ldap :

  http://dovecot.org/list/dovecot-news/2007-December/000057.html
  http://dovecot.org/list/dovecot-news/2007-December/000058.html

... so perhaps some clarification is in order.

rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Ourmailing list archived it athttp://lists.rpath.com/pipermail/security-announce/2007-November/000284.html,but it should have been sent to bugtraq as well.

The fix did not require any modifications to dovecot, so that is whydovecot wasn't mentioned in the advisory.


        smithj

By Date By Thread

Current thread:

rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
  - Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
  - Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)