I think this hasn't been addressed in part because it didn't get a CVE number: http://openwall.com/lists/oss-security/2013/07/12/4
Since the service appears to be restarting without qualm, I can see why it didn't get a CVE, but this does seem less than awesome. Mancha made a lot of patches for services when the crypt() change happened, here's an email from him with upstream patch and two backported patches: http://openwall.com/lists/oss-security/2013/07/12/3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1187001 Title: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
