Bug#431191: cyrus-sasl2: don't allow trailing CR/LF/CRLF in base64 data

Fabian Fagerholm fabbe at paniq.net
Fri Jul 13 12:08:16 UTC 2007


Going forward with this.

Only packages depending on libsasl2-2 can call sasl_decode64. So we run
apt-cache rdepends libsasl2-2 on a sid system to get all those packages.
(79 binary packages)

Then, we download the source for each of those. (38 source packages)

Now we have a set of candidates. To qualify, a package's source code has
to call sasl_decode64, so we look for files with that string in them.
(64 files in 12 source packages -- and one of them is cyrus-sasl2
itself)

So here are the packages that have code calling sasl_decode64:

        beepcore-c-0.2+cvs20030603
        cyrus-imapd-2.2-2.2.13
        cyrus-sasl2-2.1.22.dfsg1
        cyrus21-imapd-2.1.18
        hotway-0.8.4
        kolab-cyrus-imapd-2.2.13
        libetpan-0.49
        mail-notification-4.1.dfsg.1
        mutt-1.5.16
        nmh-1.2
        nufw-2.2.2
        postfix-2.4.3

I'm going to contact each maintainer separately, explain the situation
and ask for their input.

-- 
Fabian Fagerholm <fabbe at paniq.net>
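
The audit described in the message above, written out as a script. This is an added example and not part of the original message or the package's tooling. It assumes a Debian system with deb-src entries enabled; the function names, the `--run` switch and the `WORKDIR` scratch path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes a Debian system
# with deb-src entries enabled; WORKDIR is a hypothetical scratch path.
LIB=libsasl2-2
SYMBOL=sasl_decode64
WORKDIR=${WORKDIR:-./sasl-audit}

# Turn `apt-cache rdepends` output (read on stdin) into unique package names.
# The first two lines are the queried package and a "Reverse Depends:"
# header; entries are indented and alternatives carry a leading '|'.
parse_rdepends() {
    sed -e '1,2d' -e 's/^[ |]*//' -e '/^$/d' | sort -u
}

# Download and unpack the source of every reverse dependency of $1 into $2.
fetch_sources() {
    mkdir -p "$2" || return 1
    apt-cache rdepends "$1" | parse_rdepends | (
        cd "$2" || exit 1
        while read -r pkg; do
            apt-get source "$pkg" </dev/null || echo "no source for $pkg" >&2
        done
    )
}

# For each unpacked source directory under $1, print "<files><TAB><dir>"
# when at least one file contains the string $2. This is a plain string
# match, so hits in comments, docs and changelogs are counted too.
callers_in_tree() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        n=$(grep -rlF -- "$2" "$dir" 2>/dev/null | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$(basename "$dir")"
        fi
    done
}

# Run the whole audit only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    fetch_sources "$LIB" "$WORKDIR" && callers_in_tree "$WORKDIR" "$SYMBOL"
fi
```

Each output line is a candidate only: the hit still has to be read to see whether it is a real call site and how the caller treats trailing CR/LF in its input.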


More information about the Pkg-cyrus-sasl2-debian-devel mailing list