remote cyrus exploits?

Michael Sims michaels at crye-leike.com
Tue Nov 23 09:40:13 EST 2004


Derrick J Brashear wrote:
> On Mon, 22 Nov 2004, David Powicki wrote:
>> What's the word on susceptibility of versions based on the remote
>> vulnerability documented at:
>>
>> http://security.e-matters.de/advisories/152004.html
>>
>> Are ALL versions of cyrus pre-2.2.9 vulnerable, including 2.1.X?
>
> If you read the report at the URL he summarizes which versions have
> which bugs. The PARTIAL and FETCH bugs are there earlier, including
> in 2.1.x.

Hi,

Are there any plans to release an official 2.1.17 to address these issues or should
those of us running 2.1.x (who don't wish to maintain local patches) upgrade to
2.2.9?

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list