Re: security advisory regarding cyrus-sasl?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marcus Meissner wrote:

On Thu, Apr 13, 2006 at 04:05:56PM +0200, Marcel Holtmann wrote:
Hi Alexey,
the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
tell us when it got fixed and point to actual patch in the CVS. I assume
that this issue has already been fixed in version 2.1.20, but I might be
wrong.
Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any versions in between.
can you point us to the fix in the CVS for this problem, it would be
terrific to know for sure how it has been fixed.
It is apparently:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.173&r2=1.175
Correct.
Note, that all versions up to and including 2.1.20 are vulnerable to this problem.


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux