Bugtraq mailing list archives
Re: rPSA-2008-0001-1 dovecot
From: Dominic Hargreaves <dom () earth li>
Date: Thu, 3 Jan 2008 20:23:45 +0000
On Thu, Jan 03, 2008 at 01:33:39PM -0500, rPath Update Announcements wrote:
rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-2076 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598
This CVE does not exist - do you mean http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794 ?
Description: Previous versions of the dovecot package contain multiple vulnerabilities, the most serious of which might confuse LDAP-authenticated logins between different users with the same password. Other vulnerabilities include Denials of Service which appear to be limited to the connecting user. http://wiki.rpath.com/Advisories:rPSA-2008-0001
This is rather misleading - the bug was not in Dovecot, but in nss_ldap. You may have put a workaround into Dovecot, but it would have been polite to mention this fact. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Current thread:
- rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)