fixed 547947 2.2.13-15 thanks A fix was released before the CVE was even published
Giuseppe Iuculano wrote: > Package: cyrus-imapd-2.2 > Severity: grave > Tags: security patch > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for cyrus-imapd-2.2. > > CVE-2009-3235[0]: > | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot > | 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, > | allow context-dependent attackers to cause a denial of service (crash) > | and possibly execute arbitrary code via a crafted SIEVE script, as > | demonstrated by forwarding an e-mail message to a large number of > | recipients, a different vulnerability than CVE-2009-2632. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3235 > http://security-tracker.debian.net/tracker/CVE-2009-3235 > Patch: > https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h > > https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/bc_eval.c.diff?r1=1.14;r2=1.15;f=h > > https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.68;r2=1.69;f=h > > _______________________________________________ Pkg-Cyrus-imapd-Debian-devel mailing list pkg-cyrus-imapd-debian-de...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-imapd-debian-devel -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org