Re: Any info on dovecot CVE-2010-0535?

[Geoff Keating <geoffk () apple com>]

On 07/04/2013, at 6:29 pm, Michael Gilbert <mgilbert () debian org> wrote:

> I'm in the process of reviewing some older untriaged issues in the
> Debian security tracker.  I came across this Apple id (CVE-2010-0535)
> in dovecot.  Being Apple advisory, there is absolutely no useful
> information included, but based on the text, the issue is dependent on
> Kerberos.
>
> I found no other dovecot CVEs involving Kerberos, so the question I
> have is whether this is still currently an unfixed issue affecting
> dovecot?  Was it Apple-specific?

Hi Michael,

This is Apple-specific.  It affects the db-od auth method.

> Generally, what can be done by
> distro security teams about issues with no actionable information?
> Would Mitre be willing to nudge Apple for information?

Apple's on this list so you can always just ask...