Bug#547712: marked as done (CVE-2009-2632: Buffer overflow in the SIEVE script component)

[Debian Bug Tracking System]

Your message dated Sat, 03 Oct 2009 22:25:34 +0000
with message-id <e1mud2k-0006l4...@ries.debian.org>
and subject line Bug#547712: fixed in kolab-cyrus-imapd 2.2.13-5.1
has caused the Debian Bug report #547712,
regarding CVE-2009-2632: Buffer overflow in the SIEVE script component
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
547712: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: kolab-cyrus-imapd
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kolab-cyrus-imapd.

CVE-2009-2632[0]:
| Buffer overflow in the SIEVE script component (sieve/script.c), as
| used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and
| Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to
| execute arbitrary code and read or modify arbitrary messages via a
| crafted SIEVE script, related to the incorrect use of the sizeof
| operator for determining buffer length, combined with an integer
| signedness error.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
    http://security-tracker.debian.net/tracker/CVE-2009-2632


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkq3xN0ACgkQNxpp46476aoKcwCfQN+gUb2JMpzFYvRnu8ZlfY3s
5bEAoI9ZX21e1dUaBdEG8KGnDrpWoHnI
=BODE
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: kolab-cyrus-imapd
Source-Version: 2.2.13-5.1

We believe that the bug you reported is fixed in the latest version of
kolab-cyrus-imapd, which is due to be installed in the Debian FTP archive:

kolab-cyrus-admin_2.2.13-5.1_all.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-admin_2.2.13-5.1_all.deb
kolab-cyrus-clients_2.2.13-5.1_i386.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5.1_i386.deb
kolab-cyrus-common_2.2.13-5.1_i386.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5.1_i386.deb
kolab-cyrus-imapd_2.2.13-5.1.diff.gz
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5.1.diff.gz
kolab-cyrus-imapd_2.2.13-5.1.dsc
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5.1.dsc
kolab-cyrus-imapd_2.2.13-5.1_i386.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5.1_i386.deb
kolab-cyrus-pop3d_2.2.13-5.1_i386.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5.1_i386.deb
kolab-libcyrus-imap-perl_2.2.13-5.1_i386.deb
  to pool/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated kolab-cyrus-imapd 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 03 Oct 2009 20:00:44 +0200
Source: kolab-cyrus-imapd
Binary: kolab-cyrus-common kolab-cyrus-imapd kolab-cyrus-pop3d 
kolab-cyrus-admin kolab-cyrus-clients kolab-libcyrus-imap-perl
Architecture: source all i386
Version: 2.2.13-5.1
Distribution: unstable
Urgency: high
Maintainer: Debian Kolab Maintainers <pkg-kolab-de...@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 kolab-cyrus-admin - Cyrus mail system (administration tool)
 kolab-cyrus-clients - Cyrus mail system (test clients)
 kolab-cyrus-common - Cyrus mail system (common files)
 kolab-cyrus-imapd - Cyrus mail system (IMAP support)
 kolab-cyrus-pop3d - Cyrus mail system (POP3 support)
 kolab-libcyrus-imap-perl - Interface to Cyrus imap client imclient library
Closes: 547712
Changes: 
 kolab-cyrus-imapd (2.2.13-5.1) unstable; urgency=high
 .
   * Non-maintainer upload by the testing Security Team.
   * Fix buffer overflow in SIEVE script component
     (CVE-2009-3235, CVE-2009-2632) (Closes: 547712)
Checksums-Sha1: 
 d5d2bc37265f8a61ec4755b637f5bfe791c461bf 1824 kolab-cyrus-imapd_2.2.13-5.1.dsc
 b4aaf55ba5d2e4dc26cd93563235a76c67e9daea 257486 
kolab-cyrus-imapd_2.2.13-5.1.diff.gz
 1d6ed03bcaf64803be1ab984fbc2b67951030416 83414 
kolab-cyrus-admin_2.2.13-5.1_all.deb
 225910dc2ce0ac9591a70d46a0a0650f1ed29726 5564956 
kolab-cyrus-common_2.2.13-5.1_i386.deb
 bb8e83ad0c6b99fae00863cac0afa9f1807cf7f3 915222 
kolab-cyrus-imapd_2.2.13-5.1_i386.deb
 16c6e7af85d4e7e8118377336f1bcd2344c154f0 273410 
kolab-cyrus-pop3d_2.2.13-5.1_i386.deb
 4c69477925ccd21edc1a7b07df8a809d29a160bc 132220 
kolab-cyrus-clients_2.2.13-5.1_i386.deb
 21beedb2b6a3db3ec89780685252896393b3ad52 180944 
kolab-libcyrus-imap-perl_2.2.13-5.1_i386.deb
Checksums-Sha256: 
 e9b9e5cce0f7090a390f64fd37875213ecefb2c710fb1984d5c06b3b756dd9ed 1824 
kolab-cyrus-imapd_2.2.13-5.1.dsc
 71496540cac610ccfe108aeae5567fb355dc1b0a5031e70010c1262ae999b5c0 257486 
kolab-cyrus-imapd_2.2.13-5.1.diff.gz
 58be564c4e04e2fef896628ea8876156546934fc9a1d0ebd7c89539ec62e0ec9 83414 
kolab-cyrus-admin_2.2.13-5.1_all.deb
 51adf04d7a9e771c4d01706ea772360d6102ee5646d552d2e6f0093f2883a437 5564956 
kolab-cyrus-common_2.2.13-5.1_i386.deb
 c9227f3f891bc5696b6ed338fb973605b032fe67e8e9fba4819e836627200a7b 915222 
kolab-cyrus-imapd_2.2.13-5.1_i386.deb
 dafb4ada7adb4dcc946893d0dc2ffad916b2b32322924943ae565349adf8d455 273410 
kolab-cyrus-pop3d_2.2.13-5.1_i386.deb
 4f72cd055c0cf5b8a4d4bc794751365b9ebb991e44ec3d7d307694d3afcca182 132220 
kolab-cyrus-clients_2.2.13-5.1_i386.deb
 bb4dce08a9d433d48081fbb0c19efe94847ed46510d368e502a4ae6697a61e98 180944 
kolab-libcyrus-imap-perl_2.2.13-5.1_i386.deb
Files: 
 b997176005ba3c712e441329a93fbcbe 1824 mail extra 
kolab-cyrus-imapd_2.2.13-5.1.dsc
 bbd1fccb66f0089e586a7de79d0c051b 257486 mail extra 
kolab-cyrus-imapd_2.2.13-5.1.diff.gz
 d7d788e3187d8efed81899d07561342e 83414 mail extra 
kolab-cyrus-admin_2.2.13-5.1_all.deb
 db297cb430f4764405e17b255a9aa7f2 5564956 mail extra 
kolab-cyrus-common_2.2.13-5.1_i386.deb
 d63d25c4e8043aa83685ef71337b8cbf 915222 mail extra 
kolab-cyrus-imapd_2.2.13-5.1_i386.deb
 828617ad9d7ea8871ae278913d586aff 273410 mail extra 
kolab-cyrus-pop3d_2.2.13-5.1_i386.deb
 e93e8a8d96e4da6bbcb7204fb5cd1ac2 132220 mail extra 
kolab-cyrus-clients_2.2.13-5.1_i386.deb
 85c951cf74f8813eb72baee4ca37374d 180944 perl extra 
kolab-libcyrus-imap-perl_2.2.13-5.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrHuDcACgkQNxpp46476aq2TwCfdEo+vknZLln66B6RpEKrvGyY
F8cAn2fq8YFIkb04RE/Ww531C0HXPGJJ
=lsq9
-----END PGP SIGNATURE-----

--- End Message ---