Thanks. Also note the use of crypt() in a multithreaded application. Must be crypt_r().
CU,
Arno
Seth Arnold <email address hidden> wrote:
>I think this hasn't been addressed in part because it didn't get a CVE
>number: http://openwall.com/lists/oss-security/2013/07/12/4
>
>Since the service appears to be restarting without qualm, I can see why
>it didn't get a CVE, but this does seem less than awesome.
>
>Mancha made a lot of patches for services when the crypt() change
>happened, here's an email from him with upstream patch and two
>backported patches: http://openwall.com/lists/oss-security/2013/07/12/3
>
>--
>You received this bug notification because you are subscribed to the
>bug
>report.
>https://bugs.launchpad.net/bugs/1187001
>
>Title:
> saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in
> libc-2.17.so[b7160000+1ad000]
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001/+subscriptions
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Hi
Thanks. Also note the use of crypt() in a multithreaded application. Must be crypt_r().
CU,
Arno
Seth Arnold <email address hidden> wrote: openwall. com/lists/ oss-security/ 2013/07/ 12/4 openwall. com/lists/ oss-security/ 2013/07/ 12/3 /bugs.launchpad .net/bugs/ 1187001 17.so[b7160000+ 1ad000] /bugs.launchpad .net/ubuntu/ +source/ cyrus-sasl2/ +bug/1187001/ +subscriptions
>I think this hasn't been addressed in part because it didn't get a CVE
>number: http://
>
>Since the service appears to be restarting without qualm, I can see why
>it didn't get a CVE, but this does seem less than awesome.
>
>Mancha made a lot of patches for services when the crypt() change
>happened, here's an email from him with upstream patch and two
>backported patches: http://
>
>--
>You received this bug notification because you are subscribed to the
>bug
>report.
>https:/
>
>Title:
> saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in
> libc-2.
>
>To manage notifications about this bug go to:
>https:/
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.