notfixed 547947 2.2.13-15 thanks Benjamin Seidenberg ha scritto: > A fix was released before the CVE was even published
>> Patch: >> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h >> >> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/bc_eval.c.diff?r1=1.14;r2=1.15;f=h >> >> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.68;r2=1.69;f=h >> This is is a different vulnerability than CVE-2009-2632, there are a few additional buffer overflows not yet covered, see the patches. Cheers, Giuseppe.
signature.asc
Description: OpenPGP digital signature
