28 Nov
2004
28 Nov
'04
10:56
On Sun, Nov 28, 2004 at 11:54:59AM +0100, Stefano Zanarini wrote:
what about vulnerabilities reported here :
http://security.e-matters.de/advisories/152004.html
is someone working on an update ? even if most of the advisories concern authenticated users (someone with a valid account) they can permit remote code execution (with cyrus user privileges I think,so an attacker could remove all mailboxes on the server for instance).
will patches be available soon ? any news ? the vendor has yet corrected the bug.
Yes, we are working on this bug. Current estimate for patch availability is upcoming Monday (tomorrow). Ciao, Marcus