>> References: >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598 > >This CVE does not exist - do you mean >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794 No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used before it has been updated on the public CVE web server, especially with Linux distros (a couple Debian advisories today currently have the same issue). This "race condition" is an artifact of our CVE reservation and web site processes. This particular item will be on the CVE site shortly. >> http://wiki.rpath.com/Advisories:rPSA-2008-0001 > >This is rather misleading - the bug was not in Dovecot, but in >nss_ldap. You may have put a workaround into Dovecot, but it would >have been polite to mention this fact. The announcement from Timo Sirainen, the upstream developer, does not mention nss_ldap : http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html ... so perhaps some clarification is in order. - Steve
