Your message dated Mon, 05 Oct 2009 01:54:48 +0000
with message-id <e1mucmm-0008ad...@ries.debian.org>
and subject line Bug#546656: fixed in dovecot 1.0.rc15-2etch5
has caused the Debian Bug report #546656,
regarding CVE-2009-3235: Multiple stack-based buffer overflows in the Sieve
plugin in Dovecot
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
546656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: dovecot-common
version: 1:1.0.15-2.3
severity: important
tags: security upstream
The CMU Sieve plugin for Dovecot v1.0/v1.1 is based on the Cyrus Sieve
library. As described in DSA 1881-1¹ there was a vulnerability.
Timo Sirainen has announced² the availability of the bug fixed versions
v1.1.7 for Dovecot v1.1 and v1.0.4 for Dovecot v1.0.
This also affects dovecot-common 1.0.rc15-2etch4 in oldstable and
dovecot-common 1:1.0.15-2.3~bpo40+1 etch-backports.
This security hole does not exist in the new Sieve implementation, from
Stephan Bosch, for Dovecot's v1.2 series.
Regards,
Pascal
--
1 = http://www.debian.org/security/2009/dsa-1881
2 = http://dovecot.org/list/dovecot-news/2009-September/000135.html
--
Ubuntu is an ancient African word meaning “I can’t install Debian.”
-- unknown
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1.0.rc15-2etch5
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive:
dovecot-common_1.0.rc15-2etch5_i386.deb
to pool/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_i386.deb
dovecot-imapd_1.0.rc15-2etch5_i386.deb
to pool/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_i386.deb
dovecot-pop3d_1.0.rc15-2etch5_i386.deb
to pool/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_i386.deb
dovecot_1.0.rc15-2etch5.diff.gz
to pool/main/d/dovecot/dovecot_1.0.rc15-2etch5.diff.gz
dovecot_1.0.rc15-2etch5.dsc
to pool/main/d/dovecot/dovecot_1.0.rc15-2etch5.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 546...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuse...@iuculano.it> (supplier of updated dovecot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 23 Sep 2009 09:46:40 +0200
Source: dovecot
Binary: dovecot-common dovecot-pop3d dovecot-imapd
Architecture: source i386
Version: 1.0.rc15-2etch5
Distribution: oldstable-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dove...@debian.org>
Changed-By: Giuseppe Iuculano <giuse...@iuculano.it>
Description:
dovecot-common - secure mail server that supports mbox and maildir mailboxes
dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
Closes: 546656
Changes:
dovecot (1.0.rc15-2etch5) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix for buffer overflow in SIEVE filtering allowing for privilege
escalation (closes: #546656). Thanks to Don Armstrong.
Files:
69660b4d8bd4c443a9e6a445cee73ae4 1017 mail optional dovecot_1.0.rc15-2etch5.dsc
25968ea91265d9c79869fd13e1cf18a7 105496 mail optional dovecot_1.0.rc15-2etch5.diff.gz
3e11a2b0f46ce7452760264a478a07a2 1135076 mail optional dovecot-common_1.0.rc15-2etch5_i386.deb
41d4f84120825e06e41ff079dabd0429 547040 mail optional dovecot-imapd_1.0.rc15-2etch5_i386.deb
e2fe7ef8a944f84d59c4d13c2583f37f 514726 mail optional dovecot-pop3d_1.0.rc15-2etch5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkq6NN4ACgkQ62zWxYk/rQeZiACeODKNIa2UbiRCWYw3TFvV4ULl
33gAnR8VfFFGyDyY6u+Pdhik3aNTqjj9
=MWTy
-----END PGP SIGNATURE-----
--- End Message ---