|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jonathan Smith (smithj
rpath.com)
Date: Fri Jan 04 2008 - 01:31:59 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Steven M. Christey wrote:
> No, CVE-2007-6598 is correct.
> [snip]
> The announcement from Timo Sirainen, the upstream developer, does not
> mention nss_ldap :
>
> http://dovecot.org/list/dovecot-news/2007-December/000057.html
> http://dovecot.org/list/dovecot-news/2007-December/000058.html
>
> ... so perhaps some clarification is in order.
rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Our
mailing list archived it at
http://lists.rpath.com/pipermail/security-announce/2007-November/000284.html,
but it should have been sent to bugtraq as well.
The fix did not require any modifications to dovecot, so that is why
dovecot wasn't mentioned in the advisory.
smithj
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]