Bugtraq mailing list archives
Re: rPSA-2008-0001-1 dovecot
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 3 Jan 2008 20:13:04 -0500 (EST)
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598This CVE does not exist - do you mean http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used before it has been updated on the public CVE web server, especially with Linux distros (a couple Debian advisories today currently have the same issue). This "race condition" is an artifact of our CVE reservation and web site processes. This particular item will be on the CVE site shortly.
http://wiki.rpath.com/Advisories:rPSA-2008-0001This is rather misleading - the bug was not in Dovecot, but in nss_ldap. You may have put a workaround into Dovecot, but it would have been polite to mention this fact.
The announcement from Timo Sirainen, the upstream developer, does not mention nss_ldap : http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html ... so perhaps some clarification is in order. - Steve
Current thread:
- rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)