Bugtraq mailing list archives
Re: rPSA-2008-0001-1 dovecot
From: Dominic Hargreaves <dom () earth li>
Date: Fri, 4 Jan 2008 09:16:20 +0000
On Thu, Jan 03, 2008 at 08:13:04PM -0500, Steven M. Christey wrote:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598This CVE does not exist - do you mean http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used before it has been updated on the public CVE web server, especially with Linux distros (a couple Debian advisories today currently have the same issue). This "race condition" is an artifact of our CVE reservation and web site processes. This particular item will be on the CVE site shortly.http://wiki.rpath.com/Advisories:rPSA-2008-0001This is rather misleading - the bug was not in Dovecot, but in nss_ldap. You may have put a workaround into Dovecot, but it would have been polite to mention this fact.The announcement from Timo Sirainen, the upstream developer, does not mention nss_ldap : http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html ... so perhaps some clarification is in order.
My apologies then - it looks like I made a bad assumption! Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Current thread:
- rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)