
[Fwd: Cyrus SASL Releases 1.5.28 and 2.1.6]



Hi everybody,

maybe this is of interest for the list:

-------- Original Message --------
Subject: Cyrus SASL Releases 1.5.28 and 2.1.6
Date: Tue, 16 Jul 2002 17:40:08 -0400 (EDT)
From: Rob Siemborski <rjs3@andrew.cmu.edu>
To: info-cyrus@andrew.cmu.edu
CC: cyrus-sasl@andrew.cmu.edu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd like to announce the release of Cyrus SASL Versions 1.5.28 and 2.1.6.
These releases both fix a problem with how CRAM-MD5 verifies secrets, and
as such have security implications for sites which make use of this
mechanism.

In addition to the security fix, the SASL 2.1.6 release contains an
experimental MySQL plugin based off of Simon Loader's patch, and an
experimental LDAP saslauthd module (Courtesy of Igor Brezac).  SASL 1.5.28
includes very rudimentary OS X support, as well as a cleanup of code in
most plugins.

Download at:

ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-2.1.6.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-1.5.28-BETA.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-2.1.6.tar.gz
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-1.5.28-BETA.tar.gz

Cyrus SASL 1.5.28 is currently considered a beta release.  This is
because, in addition to the CRAM-MD5 security fix, it has code in it which
has other bugfixes which have not received extensive testing.  We do not
believe there are any problems in this code and anticipate removing the
BETA label after we have seen it "in the wild" for some time.  Please note
that we still do not intend to make any further releases of the SASL 1.5
branch, unless further security concerns are discovered.

Please send any feedback either to cyrus-sasl@lists.andrew.cmu.edu
(public list) or to cyrus-bugs@andrew.cmu.edu.

Thanks,
- -Rob

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPTSSwGes8cJc4y/MEQLo5QCfdn50l65acThYacGCuD3exUAQ+c8An2na
WwAjMAsT4VOiKywfFvjokANB
=Obw8
-----END PGP SIGNATURE-----