Bugtraq mailing list archives

Re: rPSA-2008-0001-1 dovecot

From: Jonathan Smith <smithj () rpath com>
Date: Thu, 03 Jan 2008 22:31:59 -0900

Steven M. Christey wrote:

No, CVE-2007-6598 is correct.

> [snip]

The announcement from Timo Sirainen, the upstream developer, does not
mention nss_ldap :

  http://dovecot.org/list/dovecot-news/2007-December/000057.html
  http://dovecot.org/list/dovecot-news/2007-December/000058.html

... so perhaps some clarification is in order.

rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Ourmailing list archived it athttp://lists.rpath.com/pipermail/security-announce/2007-November/000284.html,but it should have been sent to bugtraq as well.

The fix did not require any modifications to dovecot, so that is whydovecot wasn't mentioned in the advisory.


        smithj

Current thread:

rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
  - Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
  - Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)