I think this hasn't been addressed in part because it didn't get a CVE number: http://openwall.com/lists/oss-security/2013/07/12/4
Since the service appears to be restarting without qualm, I can see why it didn't get a CVE, but this does seem less than awesome. Mancha made a lot of patches for services when the crypt() change happened, here's an email from him with upstream patch and two backported patches: http://openwall.com/lists/oss-security/2013/07/12/3 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1187001 Title: saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs