Re: security advisory regarding cyrus-sasl?

Marcel Holtmann wrote:

> Hi Alexey,
>
> We saw this advisory for cyrus-sasl, but can't see the problem
> or the real issue.
>
> http://labs.musecurity.com/advisories/MU-200604-01.txt
>
> Is this issue for real?

Yes, certain malformed input can cause a segfault in the server-side DIGEST-MD5 plugin.
DIGEST-MD5 client side might be affected as well.

> The advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
> tell us when it got fixed and point to the actual patch in the CVS? I assume
> that this issue has already been fixed in version 2.1.20, but I might be
> wrong.

Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any versions in between.

