Hi Moritz, thanks for the heads-up.

I am preparing the security updates for cyrus-imapd-2.2 right now. Please note that for cyrus-imapd-2.4 this vulnerability was fixed in upstream 2.4.7.

O.

On Tue, May 17, 2011 at 16:59, Moritz Muehlenhoff <muehlenh...@univention.de> wrote:
> Package: cyrus-imapd-2.2
> Severity: grave
> Tags: security
>
> Hi,
> I found out that Cyrus is also vulnerable to the STARTTLS plaintext
> command injection vulnerability originally discovered in Postfix:
>
> http://www.kb.cert.org/vuls/id/555316
> http://www.postfix.org/CVE-2011-0411.html
>
> Cyrus bug:
> http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
>
> Patch:
> http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162
>
> Cheers,
> Moritz

--
Ondřej Surý <ond...@sury.org>