Marcus Meissner wrote:
On Thu, Apr 13, 2006 at 04:05:56PM +0200, Marcel Holtmann wrote:
Hi Alexey,
the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
tell us when it got fixed and point to actual patch in the CVS. I assume
that this issue has already been fixed in version 2.1.20, but I might be
wrong.
Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any
versions in between.
can you point us to the fix in the CVS for this problem, it would be
terrific to know for sure how it has been fixed.
It is apparently:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.173&r2=1.175
Correct.
Note, that all versions up to and including 2.1.20 are vulnerable to
this problem.
