[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: [Fwd: Cyrus SASL Releases 1.5.28 and 2.1.6]

To: Harry Ruter <harry_rueter@gmx.de>, <OpenLDAP-software@OpenLDAP.org>
Subject: RE: [Fwd: Cyrus SASL Releases 1.5.28 and 2.1.6]
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 17 Jul 2002 02:25:39 -0700
Importance: Normal
In-reply-to: <3D35200F.F172F264@gmx.de>

If you're using Cyrus 1.5.x I definitely recommend moving up to 1.5.28. I
haven't had a chance to check out 2.1.6 yet but I imagine it would be a smart
move as well.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Harry Ruter
> Sent: Wednesday, July 17, 2002 12:43 AM
> To: OpenLDAP-software@OpenLDAP.org
> Subject: [Fwd: Cyrus SASL Releases 1.5.28 and 2.1.6]
>
>
> Hi everybody,
>
> maybe this is of interest for the list :
>
> -------- Original Message --------
> Subject: Cyrus SASL Releases 1.5.28 and 2.1.6
> Date: Tue, 16 Jul 2002 17:40:08 -0400 (EDT)
> From: Rob Siemborski <rjs3@andrew.cmu.edu>
> To: info-cyrus@andrew.cmu.edu
> CC: cyrus-sasl@andrew.cmu.edu
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'd like to announce the release of Cyrus SASL Versions 1.5.28 and
> 2.1.6.
> These releases both fix a problem with how CRAM-MD5 verifies secrets,
> and
> as such have security implications for sites which make use of this
> mechanism.
>
> In addition to the security fix, the SASL 2.1.6 release contains an
> experimental MySQL plugin based off of Simon Loader's patch, and an
> experimental LDAP saslauthd module (Courtesy of Igor Brezac).  SASL
> 1.5.28
> includes very rudimentary OS X support, as well as a cleanup of code in
> most plugins.
>
> Download at:
>
> ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-2.1.6.tar.gz
> ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-1.5.28-BETA.tar.gz
> or
> http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-2.1.6.tar.gz
> http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-1.5.28-BETA.tar.gz
>
> Cyrus SASL 1.5.28 is currently considered a beta release.  This is
> because, in addition to the CRAM-MD5 security fix, it has code in it
> which
> has other bugfixes which have not received extensive testing.  We do not
> believe there are any problems in this code and anticipate removing the
> BETA label after we have seen it "in the wild" for some time.  Please
> note
> that we still do not intend to make any further releases of the SASL 1.5
> branch, unless further security concerns are discovered.
>
> Please send any feedback either to cyrus-sasl@lists.andrew.cmu.edu
> (public list) or to cyrus-bugs@andrew.cmu.edu.
>
> Thanks,
> - -Rob
>
> - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.76
>
> iQA/AwUBPTSSwGes8cJc4y/MEQLo5QCfdn50l65acThYacGCuD3exUAQ+c8An2na
> WwAjMAsT4VOiKywfFvjokANB
> =Obw8
> -----END PGP SIGNATURE-----

References:
- [Fwd: Cyrus SASL Releases 1.5.28 and 2.1.6]
  - From: Harry Rüter <harry_rueter@gmx.de>

Prev by Date: odd pam_ldap configuration issues
Next by Date: Cannot install OpenLDAP with BerkeleyDB 4.0.14? Help
Index(es):
- Chronological
- Thread