Message-ID: <email address hidden>
Date: Mon, 29 Nov 2004 19:50:17 +0100
From: Martin Schulze <email address hidden>
To: Henrique de Moraes Holschuh <email address hidden>
Cc: <email address hidden>, Martin Pitt <email address hidden>,
<email address hidden>
Subject: Re: Bug#282681: cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13
Henrique de Moraes Holschuh wrote:
> > > Note that there was a SASL buffer overflow fix on upstream CVS, for which I
> > > had no CVE references. I have no idea if it was just a bad behaviour fix, or
> > > a security hole fix. Maybe this is CAN-2004-1015?
> >
> > Could that be DSA 563 alias CAN-2004-0884?
>
> No. It is related to mysasl_canon_user, and it was not in my tree yet. See
> the attached patch.
Please use CAN-2004-1067 for the new SASL bug. Please add this id to
the proper changelog entry with the next upload.
Am I right that it doesn't affect woody?
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
Message-ID: <email address hidden>
Date: Mon, 29 Nov 2004 19:50:17 +0100
From: Martin Schulze <email address hidden>
To: Henrique de Moraes Holschuh <email address hidden>
Cc: <email address hidden>, Martin Pitt <email address hidden>,
<email address hidden>
Subject: Re: Bug#282681: cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13
Henrique de Moraes Holschuh wrote:
> > > Note that there was a SASL buffer overflow fix on upstream CVS, for which I
> > > had no CVE references. I have no idea if it was just a bad behaviour fix, or
> > > a security hole fix. Maybe this is CAN-2004-1015?
> >
> > Could that be DSA 563 alias CAN-2004-0884?
>
> No. It is related to mysasl_canon_user, and it was not in my tree yet. See
> the attached patch.
Please use CAN-2004-1067 for the new SASL bug. Please add this id to
the proper changelog entry with the next upload.
Am I right that it doesn't affect woody?
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.