Cyrus IMSPd 1.6a4 and 1.7a Released
Ted Cabeen
ted at impulse.net
Fri Dec 12 15:34:08 EST 2003
Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
> On Fri, 12 Dec 2003, Ted Cabeen wrote:
>
>> Do you have a patch for the vulnerability?
>
> Yes, however there are a *lot* of places that are likely to contain
> unproven vulnerabilities that are also fixed in this release.
>
> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrusimsp/imsp/abook.c.diff?r1=1.18&r2=1.19
>
> Is the patch for the advisory that n.runs is about to publish. I strongly
> recommend you look at a full upgrade however.
Hmmm that's a start. A patch that goes from 1.7 to 1.7a would be nice
if there were other good fixed. If you don't want to generate it, I
can.
Getting imsp to compile here was a pain because of integrating the
lib directory from the current cyrus into IMSP so that it would
compile and run correctly.
--
Ted Cabeen
Sr. Systems/Network Administrator
Impulse Internet Services
More information about the Info-cyrus
mailing list