cyrus-sasl2-mit 2.1.19-1.1 source package in Ubuntu

Changelog

cyrus-sasl2-mit (2.1.19-1.1) unstable; urgency=emergency


  * NMU
  * resync to cyrus-sasl2 2.1.19-1.5):
    * SECURITY FIX: SASL_PATH environment variable must not be honoured on
      setuid environments, otherwise we have a local privilege escalation
      exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
      GLSA 200410-05 (closes: #276865)
      * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
        environment. from Gentoo (CVE CAN-2004-0884);
      * Fix to upstream CVS security fix: initialize *path = NULL
    * upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES
    * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c,
      plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability
      warnings
    * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
      problems with the braindead idea of globals SASL has, and with libraries
      that think they can get around mucking with them (hello openldap!)
    * Add Build-Conflicts: autoconf2.13, automake1.4

 -- Henrique de Moraes Holschuh <email address hidden>  Sun, 17 Oct 2004 00:43:17 -0300