Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-31 Thread Scott Adkins
--On Friday, December 12, 2003 4:53 PM -0500 Cyrus Daboo <[EMAIL PROTECTED]> wrote: Hi Scott, --On Friday, December 12, 2003 3:10 PM -0500 Scott Adkins <[EMAIL PROTECTED]> wrote: | Are there changelogs for these releases? I am particularly interested in | whether or not the SSL patches previous

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Cyrus Daboo
Hi Scott, --On Friday, December 12, 2003 3:10 PM -0500 Scott Adkins <[EMAIL PROTECTED]> wrote: | Are there changelogs for these releases? I am particularly interested in | whether or not the SSL patches previously posted for IMSP has been rolled | in or not. What is the difference between the

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Ted Cabeen
Rob Siemborski <[EMAIL PROTECTED]> writes: > On Fri, 12 Dec 2003, Ted Cabeen wrote: > >> Do you have a patch for the vulnerability? > > Yes, however there are a *lot* of places that are likely to contain > unproven vulnerabilities that are also fixed in this release. > > https://bugzilla.andrew.cm

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Scott Adkins
Are there changelogs for these releases? I am particularly interested in whether or not the SSL patches previously posted for IMSP has been rolled in or not. What is the difference between the 1.6 and 1.7 releases, since they were both released at the same time? Scott --On Friday, December 12, 2

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Ted Cabeen
Rob Siemborski <[EMAIL PROTECTED]> writes: > This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on > ftp.andrew.cmu.edu > > These releases correct a recently discovered buffer overflow > vulnerability, as well as clean up a significant amount of buffer handling > throughout the

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Rob Siemborski
On Fri, 12 Dec 2003, Ted Cabeen wrote: > Do you have a patch for the vulnerability? Yes, however there are a *lot* of places that are likely to contain unproven vulnerabilities that are also fixed in this release. https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrusimsp/imsp/abook.c.diff

Re: Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Rob Siemborski
On Fri, 12 Dec 2003, Scott Adkins wrote: > Are there changelogs for these releases? I am particularly interested in > whether or not the SSL patches previously posted for IMSP has been rolled > in or not. What is the difference between the 1.6 and 1.7 releases, since > they were both released at

Cyrus IMSPd 1.6a4 and 1.7a Released

2003-12-12 Thread Rob Siemborski
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on ftp.andrew.cmu.edu These releases correct a recently discovered buffer overflow vulnerability, as well as clean up a significant amount of buffer handling throughout the code. I