Hi Roberto, On Fr 20 Dez 2019 16:36:05 CET, Roberto C. Sánchez wrote:
On Fri, Dec 20, 2019 at 01:06:39PM +0100, Mike Gabriel wrote:Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of cyrus-sasl2: https://security-tracker.debian.org/tracker/CVE-2019-19906 Would you like to take care of this yourself?Hi Mike, I had intended to take care of this, but it seems you have already done it. Thanks for your help. Did you encounter any issues that might concern making the update or applying the patch in stretch or buster versions of cyrus-sasl? Regards, -Roberto
In fact, I have upgrade my jessie-mailserver with the fix and it seems to be all good.
However, I am not 100% sure, if my setup (cyrus-imap + postfix via saslauthd behind LDAP, etc.) hits the exact code path.
Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
pgpwFBuLZt7fq.pgp
Description: Digitale PGP-Signatur