Package: cyrus-imapd-2.2 Severity: grave Tags: security Hi, I was found out that Cyrus is also vulnerable to the STARTTLS plaintext command injection vulnerability originally discovered in Postfix:
http://www.kb.cert.org/vuls/id/555316 http://www.postfix.org/CVE-2011-0411.html Cyrus bug: http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 Patch: http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
