CAN-2004-0884 (cyrus-sasl)

Oliver Brakmann obrakmann at
Sat Oct 23 08:10:57 PDT 2004


gentoo reported two vulnerabilities in

One is fixed by upgrading to the latest release, which is 2.1.19. For
the other one, apply the attached patch.

What I find most disturbing is that the patch has been out there since
early July, in upstream's CVS even, while the advisory saw the light
only in early October! I don't know about you, but I think this is way
too long :-/

It's practically impossible to look at a   /\   #198843 @
penguin and feel angry.     -- Joe Moore   \/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-sasl-2.1.19-sasl_path_fix-1.patch.gz
Type: application/x-gunzip
Size: 633 bytes
Desc: not available
URL: <>

More information about the lfs-security mailing list