Re: rPSA-2008-0001-1 dovecot

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: rPSA-2008-0001-1 dovecot
From: Dominic Hargreaves <dom@xxxxxxxx>
Date: Thu, 3 Jan 2008 20:23:45 +0000
In-reply-to: <477d2a83.r5Kp7P7DBrgd7xA8%announce-noreply@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <477d2a83.r5Kp7P7DBrgd7xA8%announce-noreply@xxxxxxxxx>
User-agent: Mutt/1.5.13 (2006-08-11)

On Thu, Jan 03, 2008 at 01:33:39PM -0500, rPath Update Announcements wrote:

> rPath Issue Tracking System:
>     https://issues.rpath.com/browse/RPL-2076
> 
> References:
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598

This CVE does not exist - do you mean
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
?

> Description:
>     Previous versions of the dovecot package contain multiple
>     vulnerabilities, the most serious of which might confuse
>     LDAP-authenticated logins between different users with the
>     same password.  Other vulnerabilities include Denials of
>     Service which appear to be limited to the connecting user.
> 
> http://wiki.rpath.com/Advisories:rPSA-2008-0001

This is rather misleading - the bug was not in Dovecot, but in nss_ldap.
You may have put a workaround into Dovecot, but it would have been
polite to mention this fact.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

References:
- rPSA-2008-0001-1 dovecot
  - From: rPath Update Announcements

Prev by Date: Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability
Next by Date: [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities
Previous by thread: rPSA-2008-0001-1 dovecot
Next by thread: Re: rPSA-2008-0001-1 dovecot
Index(es):
- Date
- Thread