security fixes
Gavin McCullagh
gavin.mccullagh at gcd.ie
Mon May 30 15:03:49 CEST 2011
Hi,
On Mon, 30 May 2011, Christoph Wickert wrote:
> On Thursday 26 May 2011 18:38:54 Skip Morse wrote:
> > I second that, I don't have an answer, but I'm interested too.
>
> Sorry it took so long.
>
> The postfix vulnerability mentioned earlier in this thread mail is scheduled
> for kolab 2.3.2, which hopefully will be released tomorrow after some more
> testing. We are doing a big update to postfix 2.8.3 and this requires more
> testing in real world environments.
>
> The same TLS problem in cyrus was already fixed in Kolab 2.3.1 as you can see
> in [1] and [2].
Are these bugs/fixes worthy of formal security disclosures? I appreciate
it's not code written by the Kolab project, but Kolab is distributing both
the vulnerable code and the fix and it wasn't at all clear to me that 2.3.1
was effectively a security patch.
http://www.kolab.org/security/
Even if Kolab users were to monitor the PHP, Apache, Cyrus, Postfix,
OpenLDAP, etc. projects for security issues, it's not always easy to
determine if bugs in their current releases also affect the Kolab versions.
Gavin
More information about the users
mailing list