Moderate: cyrus-sasl security update

ID ELSA-2007-0878
Type oraclelinux
Reporter Oracle
Modified 2007-09-04T00:00:00


[- 2.1.15-15] - Changed spec file to include the mech patch all the time. - Added patch to prevent printing null realm - Applied existing mech for 1.5 to 2.1 Related: rhbz#189814

[2.1.15-14] - temporarily back out the fixes for #157012, #190113

[2.1.15-13] - add unapplied patches which make the DIGEST-MD5 plugins omit the realm argument when the environment has
set to a non-zero value, for testing purposes - add missing build dependency on zlib-devel (#190113)

[2.1.15-12] - make v1 of the sasl library use /dev/urandom instead of /dev/random, as we do in v2 of the library at compile-time (#157012)

[2.1.15-11] - backport fix for segfault in the digest-md5 module in cases when the client didn't supply a realm (#189814, CVE-2006-1721)