On Thu, Jan 03, 2008 at 08:13:04PM -0500, Steven M. Christey wrote: > > >> References: > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598 > > > >This CVE does not exist - do you mean > >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794 > > No, CVE-2007-6598 is correct. Sometimes a CVE number is publicly used > before it has been updated on the public CVE web server, especially > with Linux distros (a couple Debian advisories today currently have > the same issue). This "race condition" is an artifact of our CVE > reservation and web site processes. This particular item will be on > the CVE site shortly. > > >> http://wiki.rpath.com/Advisories:rPSA-2008-0001 > > > >This is rather misleading - the bug was not in Dovecot, but in > >nss_ldap. You may have put a workaround into Dovecot, but it would > >have been polite to mention this fact. > > The announcement from Timo Sirainen, the upstream developer, does not > mention nss_ldap : > > http://dovecot.org/list/dovecot-news/2007-December/000057.html > http://dovecot.org/list/dovecot-news/2007-December/000058.html > > ... so perhaps some clarification is in order. My apologies then - it looks like I made a bad assumption! Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
