Rob Siemborski <[EMAIL PROTECTED]> writes: > On Fri, 12 Dec 2003, Ted Cabeen wrote: > >> Do you have a patch for the vulnerability? > > Yes, however there are a *lot* of places that are likely to contain > unproven vulnerabilities that are also fixed in this release. > > https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrusimsp/imsp/abook.c.diff?r1=1.18&r2=1.19 > > Is the patch for the advisory that n.runs is about to publish. I strongly > recommend you look at a full upgrade however.
Hmmm that's a start. A patch that goes from 1.7 to 1.7a would be nice if there were other good fixed. If you don't want to generate it, I can. Getting imsp to compile here was a pain because of integrating the lib directory from the current cyrus into IMSP so that it would compile and run correctly. -- Ted Cabeen Sr. Systems/Network Administrator Impulse Internet Services