BugTraq
rPSA-2008-0001-1 dovecot Jan 03 2008 06:33PM
rPath Update Announcements (announce-noreply rpath com) (1 replies)
Re: rPSA-2008-0001-1 dovecot Jan 03 2008 08:23PM
Dominic Hargreaves (dom earth li)
On Thu, Jan 03, 2008 at 01:33:39PM -0500, rPath Update Announcements wrote:

> rPath Issue Tracking System:
> https://issues.rpath.com/browse/RPL-2076
>
> References:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598

This CVE does not exist - do you mean
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
?

> Description:
> Previous versions of the dovecot package contain multiple
> vulnerabilities, the most serious of which might confuse
> LDAP-authenticated logins between different users with the
> same password. Other vulnerabilities include Denials of
> Service which appear to be limited to the connecting user.
>
> http://wiki.rpath.com/Advisories:rPSA-2008-0001

This is rather misleading - the bug was not in Dovecot, but in nss_ldap.
You may have put a workaround into Dovecot, but it would have been
polite to mention this fact.

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus