Hi Alexey, > >We saw this advisory for cyrus-sasl, but can't see the problem > >or the real issue. > > > >http://labs.musecurity.com/advisories/MU-200604-01.txt > > > >Is this issue for real? > > > > > Yes, certain malformed input can cause segfault in the server side > DIGEST-MD5 plugin. > DIGEST-MD5 client side might be affected as well. the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you tell us when it got fixed and point to an actual patch in the CVS. I assume that this issue has already been fixed in version 2.1.20, but also I might be wrong with this assumption. Regards Marcel
