[Fwd: CAN-2004-0884 (cyrus-sasl)]

Randy McMurchy randy at linuxfromscratch.org
Sat Oct 23 08:16:27 PDT 2004



-------- Original Message --------
Subject: CAN-2004-0884 (cyrus-sasl)
Date: Sat, 23 Oct 2004 17:10:57 +0200
From: Oliver Brakmann <obrakmann at gmx.net>
Reply-To: LFS Security Discussion List <lfs-security at linuxfromscratch.org>
To: LFS Patches <patches at linuxfromscratch.org>,   lfs-security at linuxfromscratch.org

Hi,

gentoo reported two vulnerabilities in
<http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml>.

One is fixed by upgrading to the latest release, which is 2.1.19. For
the other one, apply the attached patch.

What I find most disturbing is that the patch has been out there since
early July, in upstream's CVS even, while the advisory saw the light
only in early October! I don't know about you, but I think this is way
too long :-/

Bye,
Oliver
-- 
It's practically impossible to look at a   /\   #198843 @ http://counter.li.org
penguin and feel angry.     -- Joe Moore   \/   http://www.linuxfromscratch.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-sasl-2.1.19-sasl_path_fix-1.patch.gz
Type: application/x-gunzip
Size: 633 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20041023/db6caf2d/attachment.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: file:///tmp/nsmail-1.asc
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20041023/db6caf2d/attachment.asc>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: file:///tmp/nsmail-2.asc
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20041023/db6caf2d/attachment-0001.asc>


More information about the lfs-dev mailing list