"A denial of service condition exists in the SASL authentication library during
DIGEST-MD5 negotiation. This potentially affects multiple products that use
SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, Apple,
All users of this authentication library are recommended to upgrade to 2.1.21
which fixes these problems."
2.1.21 is now ~arch on every arch.
seen on full-disclosure@
2.1.21 corrects the vuln, while last stable is 2.1.20.
Arches, please test at least one of 2.1.21(-r)? and mark stable, thank you.
-r2 Alpha'lized !
stable on ppc64
is now CVE-2006-1721
Arches, please don't forget this one, thanks. (From http://www.gentoo.org/security/en/vulnerability-policy.xml , amd64, hppa and ppc stabilizations are still needed before closing the bug.)
stable on hppa
amd64, ppc please test and mark stable
Compiles and runs the test-server && client on ppc (USE="sample"), any further tests I could do?
arm, ia64, mips, s390 don't forget to mark stable to benefit from the GLSA.
*** Bug 130733 has been marked as a duplicate of this bug. ***
(In reply to comment #12)
> GLSA 200604-09
> arm, ia64, mips, s390 don't forget to mark stable to benefit from the GLSA.
I am about to remove all ebuilds <2.1.21-r2 and noticed mips has a stable keyword in cyrus-sasl-2.1.20.ebuild but does not have 2.1.21-r2 stable yet.
Stable on mips.