Bugtraq mailing list archives
Re: rPSA-2008-0001-1 dovecot
From: Jonathan Smith <smithj () rpath com>
Date: Thu, 03 Jan 2008 22:31:59 -0900
Steven M. Christey wrote:
No, CVE-2007-6598 is correct.
> [snip]
The announcement from Timo Sirainen, the upstream developer, does not mention nss_ldap : http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html ... so perhaps some clarification is in order.
rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Our mailing list archived it at http://lists.rpath.com/pipermail/security-announce/2007-November/000284.html, but it should have been sent to bugtraq as well.
The fix did not require any modifications to dovecot, so that is why dovecot wasn't mentioned in the advisory.
smithj
Current thread:
- rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)