[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: rPSA-2008-0001-1 dovecot
Steven M. Christey wrote:
No, CVE-2007-6598 is correct.
The announcement from Timo Sirainen, the upstream developer, does not
mention nss_ldap :
... so perhaps some clarification is in order.
rPath fixed the nss_ldap issue a month ago with rPSA-2007-0255-1. Our
mailing list archived it at
but it should have been sent to bugtraq as well.
The fix did not require any modifications to dovecot, so that is why
dovecot wasn't mentioned in the advisory.