Rob Siemborski <[EMAIL PROTECTED]> writes:

> On Tue, 3 Dec 2002, Nels Lindquist wrote:
>
>> On 3 Dec 2002 at 9:57, Steve Wright wrote:
>>
>> > The message below is forwarded from bugtraq.
>> > I've not seen any discussion of this, is an official fix available?
>> > The "semi-exploit" shown does indeed segfault imapd processes on my Debian
>> > (sid) boxes.
>>
>> I'd imagine there should be patches for 1.6.24 and 2.0.16, as well as
>> 2.1.10.
>
> There are now fixes in CVS for both the pre-login vulnerability and the
> sieve vulnerability for 2.0 (cyrus-2-0-tail) and 2.1 (HEAD).

Any comment on why it took over a month to react to this reported
vulnerability?

A comment explaining why it took so long and what happened in the
meantime would be useful in extrapolating how future vulnerabilities
will be handled.  If this has already been discussed somewhere, I am
sorry for duplicating the discussion and would appreciate a pointer.
