Your message dated Sun, 04 Oct 2009 16:46:25 +0000
with message-id <e1muue5-0005ad...@ries.debian.org>
and subject line Bug#547712: fixed in kolab-cyrus-imapd 2.2.13-6
has caused the Debian Bug report #547712,
regarding CVE-2009-2632: Buffer overflow in the SIEVE script component
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
547712: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kolab-cyrus-imapd
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kolab-cyrus-imapd.
CVE-2009-2632[0]:
| Buffer overflow in the SIEVE script component (sieve/script.c), as
| used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and
| Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to
| execute arbitrary code and read or modify arbitrary messages via a
| crafted SIEVE script, related to the incorrect use of the sizeof
| operator for determining buffer length, combined with an integer
| signedness error.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
http://security-tracker.debian.net/tracker/CVE-2009-2632
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkq3xN0ACgkQNxpp46476aoKcwCfQN+gUb2JMpzFYvRnu8ZlfY3s
5bEAoI9ZX21e1dUaBdEG8KGnDrpWoHnI
=BODE
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: kolab-cyrus-imapd
Source-Version: 2.2.13-6
We believe that the bug you reported is fixed in the latest version of
kolab-cyrus-imapd, which is due to be installed in the Debian FTP archive:
kolab-cyrus-admin_2.2.13-6_all.deb
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-admin_2.2.13-6_all.deb
kolab-cyrus-clients_2.2.13-6_i386.deb
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-6_i386.deb
kolab-cyrus-common_2.2.13-6_i386.deb
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-6_i386.deb
kolab-cyrus-imapd_2.2.13-6.diff.gz
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-6.diff.gz
kolab-cyrus-imapd_2.2.13-6.dsc
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-6.dsc
kolab-cyrus-imapd_2.2.13-6_i386.deb
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-6_i386.deb
kolab-cyrus-pop3d_2.2.13-6_i386.deb
to pool/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-6_i386.deb
kolab-libcyrus-imap-perl_2.2.13-6_i386.deb
to pool/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 547...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Parent <sath...@debian.org> (supplier of updated kolab-cyrus-imapd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 04 Oct 2009 14:56:07 +0200
Source: kolab-cyrus-imapd
Binary: kolab-cyrus-common kolab-cyrus-imapd kolab-cyrus-pop3d
kolab-cyrus-admin kolab-cyrus-clients kolab-libcyrus-imap-perl
Architecture: source all i386
Version: 2.2.13-6
Distribution: unstable
Urgency: low
Maintainer: Debian Kolab Maintainers <pkg-kolab-de...@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sath...@debian.org>
Description:
kolab-cyrus-admin - Kolab Cyrus mail system - administration tools
kolab-cyrus-clients - Kolab Cyrus mail system (test clients)
kolab-cyrus-common - Kolab Cyrus mail system - common files
kolab-cyrus-imapd - Kolab Cyrus mail system - IMAP support
kolab-cyrus-pop3d - Kolab Cyrus mail system - POP3 support
kolab-libcyrus-imap-perl - Kolab Interface to Cyrus imap client imclient
library
Closes: 547712
Changes:
kolab-cyrus-imapd (2.2.13-6) unstable; urgency=low
.
* Synced against cyrus-imapd package
* Fix and acknowledge NMU for "CVE-2009-2632: Buffer overflow in the SIEVE
script component" (Closes: #547712)
* Added me as uploader
* debian/control:
- Prefix packages descriptions by "Kolab "
- Conflicts, Replaces and Provides corresponding cyrus-imapd-2.2 packages
- Added Recommends and Suggests (based on cyrus-imapd-2.2)
* Get closer to cyrus-imapd-2.2: cyrus.conf
Checksums-Sha1:
07402079e46c0b4ba4c2e5737eac319da815c1c9 1873 kolab-cyrus-imapd_2.2.13-6.dsc
5d38bffc9626d92a9d80022e006e939fad6b1406 258242
kolab-cyrus-imapd_2.2.13-6.diff.gz
7ec59870370d042cac9a5421679db0d790e041bc 84768
kolab-cyrus-admin_2.2.13-6_all.deb
44df768d77d90839ae1cdfb1a8f61f02ffee58b8 5566174
kolab-cyrus-common_2.2.13-6_i386.deb
b798e5c6a9b960bedf4e6f060163e56d6b652a22 915256
kolab-cyrus-imapd_2.2.13-6_i386.deb
0bdecc6209ead5c38a5bf4c3820d73149b122355 273814
kolab-cyrus-pop3d_2.2.13-6_i386.deb
d4d689144c93e349191014fa54bbd3e5c61d7b64 133334
kolab-cyrus-clients_2.2.13-6_i386.deb
27a6bd7590faed88f3d7561897552d8e804ec2ce 182716
kolab-libcyrus-imap-perl_2.2.13-6_i386.deb
Checksums-Sha256:
c6f0ccb656c0f1f1f0d46e59b608b7892cde47a45b9c0587f5de6019b93692ed 1873
kolab-cyrus-imapd_2.2.13-6.dsc
70e6859fc2b3f5e076f8e7b831e6b1241725aff9259dc30700a0dd31c398e9fc 258242
kolab-cyrus-imapd_2.2.13-6.diff.gz
9308140ee50c6ac7521e5bcab40ae158ad56c595c34ffe339672ed042c16d789 84768
kolab-cyrus-admin_2.2.13-6_all.deb
7c979d03e2b3d6173544da4936f0204e3ca7a6fa6a0b2bcb1dce868b43681c62 5566174
kolab-cyrus-common_2.2.13-6_i386.deb
91791b982dc277569e4343e4b6a7ab0e68a43d3d5035f3464c611804bfa2ce54 915256
kolab-cyrus-imapd_2.2.13-6_i386.deb
78ee7ac98801474d9f5512e2202d6f5eba92c0b74127dc42ce1d7137b299792e 273814
kolab-cyrus-pop3d_2.2.13-6_i386.deb
eb3f365c365cb590c7a848a5648e8134b93618348184a42350ba17ff4f7c8021 133334
kolab-cyrus-clients_2.2.13-6_i386.deb
f5bc9fb5228c83ba87737d48841c1d0a567a5e35066e94d2bc3c948c90909212 182716
kolab-libcyrus-imap-perl_2.2.13-6_i386.deb
Files:
85f6694ef0fb2fcb46b98bf413a814be 1873 mail extra kolab-cyrus-imapd_2.2.13-6.dsc
292edc68321074d53f5f78b0ffbb51e1 258242 mail extra
kolab-cyrus-imapd_2.2.13-6.diff.gz
026eb884e026184bb9e87bb9aeff986f 84768 mail extra
kolab-cyrus-admin_2.2.13-6_all.deb
87c4c2d28958e2974630fd97ca6ba641 5566174 mail extra
kolab-cyrus-common_2.2.13-6_i386.deb
18e8dde6371979d1a9af9178eea87ab7 915256 mail extra
kolab-cyrus-imapd_2.2.13-6_i386.deb
77cbda14f110e4d2a027d7ad3c7d20b9 273814 mail extra
kolab-cyrus-pop3d_2.2.13-6_i386.deb
6deac4b59d07fde26bfdb91656064730 133334 mail extra
kolab-cyrus-clients_2.2.13-6_i386.deb
a0539262fe72726abea544155be7619f 182716 perl extra
kolab-libcyrus-imap-perl_2.2.13-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrIvw4ACgkQOW2jYf5fHX9X+gCeMEZiohN12Ri2txcrUQgGdpN5
53MAnA/d1H+Q/QeyZVayCSOhvRey6gYr
=+PmU
-----END PGP SIGNATURE-----
--- End Message ---
