Re: [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

2009-06-15 Thread Dominic Hargreaves
On Mon, Jun 15, 2009 at 06:10:29PM +0200, Nico Golde wrote:
> Hi,
> * Thijs Kinkhorst [2009-06-15 17:39]:
> > On Mon, June 15, 2009 16:42, Dominic Hargreaves wrote:
> > >> For the oldstable distribution (etch), this problem will be fixed soon.
> > >>
> > >
> > > 2.1.22.dfsg1-8+etch1 has now appear

Re: [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

2009-06-15 Thread Nico Golde
Hi,
* Thijs Kinkhorst [2009-06-15 17:39]:
> On Mon, June 15, 2009 16:42, Dominic Hargreaves wrote:
> >> For the oldstable distribution (etch), this problem will be fixed soon.
> >>
> >
> > 2.1.22.dfsg1-8+etch1 has now appeared in the security archive which
> > appears to fix this problem, but no s

Re: [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

2009-06-15 Thread Thijs Kinkhorst
On Mon, June 15, 2009 16:42, Dominic Hargreaves wrote:
>> For the oldstable distribution (etch), this problem will be fixed soon.
>>
>
> 2.1.22.dfsg1-8+etch1 has now appeared in the security archive which
> appears to fix this problem, but no subsequent advisory has been released.
> Is this an ove

Re: [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution

2009-06-15 Thread Dominic Hargreaves
On Mon, Jun 01, 2009 at 02:42:10PM +0200, Nico Golde wrote:
> James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
> a free library implementing the Simple Authentication and Security Layer,
> suffers from a missing null termination in certain situations. This causes
> sever