lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080104091620.GO4317@urchin.earth.li>
Date: Fri, 4 Jan 2008 09:16:20 +0000
From: Dominic Hargreaves <dom@...th.li>
To: "Steven M. Christey" <coley@...re.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: rPSA-2008-0001-1 dovecot

On Thu, Jan 03, 2008 at 08:13:04PM -0500, Steven M. Christey wrote:
> 
> >> References:
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598
> >
> >This CVE does not exist - do you mean
> >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
> 
> No, CVE-2007-6598 is correct.  Sometimes a CVE number is publicly used
> before it has been updated on the public CVE web server, especially
> with Linux distros (a couple Debian advisories today currently have
> the same issue).  This "race condition" is an artifact of our CVE
> reservation and web site processes.  This particular item will be on
> the CVE site shortly.
> 
> >> http://wiki.rpath.com/Advisories:rPSA-2008-0001
> >
> >This is rather misleading - the bug was not in Dovecot, but in
> >nss_ldap.  You may have put a workaround into Dovecot, but it would
> >have been polite to mention this fact.
> 
> The announcement from Timo Sirainen, the upstream developer, does not
> mention nss_ldap :
> 
>   http://dovecot.org/list/dovecot-news/2007-December/000057.html
>   http://dovecot.org/list/dovecot-news/2007-December/000058.html
> 
> ... so perhaps some clarification is in order.

My apologies then - it looks like I made a bad assumption!

Cheers,

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ