| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Jan 2008 09:16:20 +0000 From: Dominic Hargreaves <dom@...th.li> To: "Steven M. Christey" <coley@...re.org> Cc: bugtraq@...urityfocus.com Subject: Re: rPSA-2008-0001-1 dovecot On Thu, Jan 03, 2008 at 08:13:04PM -0500, Steven M. Christey wrote: > > >> References: > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598 > > > >This CVE does not exist - do you mean > >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794 > > No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used > before it has been updated on the public CVE web server, especially > with Linux distros (a couple Debian advisories today currently have > the same issue). This "race condition" is an artifact of our CVE > reservation and web site processes. This particular item will be on > the CVE site shortly. > > >> http://wiki.rpath.com/Advisories:rPSA-2008-0001 > > > >This is rather misleading - the bug was not in Dovecot, but in > >nss_ldap. You may have put a workaround into Dovecot, but it would > >have been polite to mention this fact. > > The announcement from Timo Sirainen, the upstream developer, does not > mention nss_ldap : > > http://dovecot.org/list/dovecot-news/2007-December/000057.html > http://dovecot.org/list/dovecot-news/2007-December/000058.html > > ... so perhaps some clarification is in order. My apologies then - it looks like I made a bad assumption! Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Powered by blists - more mailing lists