Source: cyrus-imapd
Version: 3.4.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for cyrus-imapd.

CVE-2021-33582[0]:
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of
| service (multiple-minute daemon hang) via input that is mishandled
| during hash-table interaction. Because there are many insertions into
| a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8,
| and 3.0.16.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33582
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582
[1] https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
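Added example, not code from Cyrus IMAP or from this report: a small chained hash table that counts the strcmp calls spent on bucket chains, showing the cost growth the CVE text describes when every insertion lands in one bucket, next to a seeded hash on the same input. The byte-sum hash, table size, key set and seed value are all constructed assumptions; the report does not state which hash function Cyrus uses or how upstream fixed it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 256
#define NKEYS 2000
struct node { char key[8]; struct node *next; };

/* Weak toy hash (byte sum, seed ignored): keys with equal byte sums collide. */
static unsigned weak_hash(const char *s, unsigned seed) {
    unsigned h = 0; (void)seed;
    while (*s) h += (unsigned char)*s++;
    return h;
}

/* FNV-1a mixed with a per-process seed; a keyed hash such as SipHash is stronger. */
static unsigned seeded_hash(const char *s, unsigned seed) {
    unsigned h = 2166136261u ^ seed;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h ^ (h >> 16);
}

/* Insert NKEYS constructed keys into a chained table and return the number of
 * strcmp calls spent walking bucket chains for the duplicate check. */
unsigned long count_compares(unsigned (*hash)(const char *, unsigned), unsigned seed) {
    struct node *table[NBUCKETS] = {0};
    unsigned long compares = 0;
    for (int i = 0; i < NKEYS; i++) {
        struct node *n = malloc(sizeof *n), *p;
        int a = i % 50, b = i / 50;   /* constructed input: constant byte sum */
        if (!n) abort();
        snprintf(n->key, sizeof n->key, "%c%c%c%c", 'A' + a, 'z' - a, 'A' + b, 'z' - b);
        unsigned slot = hash(n->key, seed) % NBUCKETS;
        for (p = table[slot]; p; p = p->next) {
            compares++;
            if (strcmp(p->key, n->key) == 0) break;
        }
        n->next = table[slot]; table[slot] = n;
    }
    for (int s = 0; s < NBUCKETS; s++)
        for (struct node *p = table[s], *nx; p; p = nx) { nx = p->next; free(p); }
    return compares;
}

int main(void) {
    printf("byte-sum hash: %lu strcmp calls\n", count_compares(weak_hash, 0));
    printf("seeded hash:   %lu strcmp calls\n", count_compares(seeded_hash, 0x5eed1234u));
    return 0;
}
```

With one shared bucket the comparison count grows quadratically in the number of keys, so tracking maximum chain length per table is a cheap signal for this condition.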