CAN-2004-0884 (cyrus-sasl)

Oliver Brakmann obrakmann at gmx.net
Sat Oct 23 08:10:57 PDT 2004


Hi,

gentoo reported two vulnerabilities in
<http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml>.

One is fixed by upgrading to the latest release, which is 2.1.19. For
the other one, apply the attached patch.

What I find most disturbing is that the patch has been out there since
early July, in upstream's CVS even, while the advisory saw the light
only in early October! I don't know about you, but I think this is way
too long :-/

Bye,
Oliver
-- 
It's practically impossible to look at a   /\   #198843 @ http://counter.li.org
penguin and feel angry.     -- Joe Moore   \/   http://www.linuxfromscratch.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-sasl-2.1.19-sasl_path_fix-1.patch.gz
Type: application/x-gunzip
Size: 633 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20041023/44288b35/attachment.bin>


More information about the lfs-security mailing list