Hey folks,

Is the cyrus-sasl-1.5.24 tarball vulnerable to this, or is just the RedHat rpm vulnerable? If the tarball is vulnerable, has it been fixed in 1.5.27?

Thanks,
Barton

Security Advisory - RHSA-2001:150-06
------------------------------------------------------------------------------
Description:
The default logging callback function supplied by the Cyrus SASL library suffers from a format-string vulnerability. This function is used when a server which uses Cyrus SASL attempts to set or change a user's secrets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0869 to this issue.
------------------------------------------------------------------------------
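
The bug class the advisory describes, as an added example that is not part of the original post and is not Cyrus SASL source: a logging callback that hands its message to a printf-style logger as the format string, beside the corrected form. The names log_sink, log_cb_vulnerable and log_cb_hardened are hypothetical; log_sink stands in for a logger such as syslog().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Captures the most recent log line so the result can be inspected. */
static char last_line[256];

/* Hypothetical printf-style logger, standing in for something like syslog(). */
static void log_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape: the message itself becomes the format string, so any
 * conversion directive inside it is interpreted by the logger. */
static const char *log_cb_vulnerable(const char *message)
{
    log_sink(message);
    return last_line;
}

/* Corrected shape: a constant format string; the message is only data. */
static const char *log_cb_hardened(const char *message)
{
    log_sink("%s", message);
    return last_line;
}

int main(void)
{
    /* Constructed sample message. "%%" consumes no arguments, so it shows
     * format interpretation without undefined behaviour. */
    const char *msg = "quota 100%% reached";

    printf("vulnerable: %s\n", log_cb_vulnerable(msg));
    printf("hardened:   %s\n", log_cb_hardened(msg));
    return 0;
}
```

When auditing a tarball or package for this class of bug, look for printf-family or syslog() calls whose format argument is a variable rather than a string literal; building with -Wformat -Wformat-security flags the direct cases.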