On Wed, Nov 19, 2008 at 05:32:24PM +0000, Dominic Hargreaves wrote: > I'm not sure what the solution to this is; it's rather unfortunate that > lenny contains what's now an old branch of code that probably won't be > maintained any more. > > Might be worth asking on the dovecot list to see if anyone is able to > offer a backport?
For completeness, Redhat decision on this: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4578 "The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5." -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

