Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Giuseppe Iuculano
Hi Henrique, Henrique de Moraes Holschuh ha scritto: > Also, we need the same fix to be applied to stable and old-stable... I've prepared stable and oldstable packages: http://sd6.iuculano.it/sec/cyrus-imapd-2.2/ Cheers, Giuseppe. signature.asc Description: OpenPGP digital signature

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Henrique de Moraes Holschuh
Full patch for cve-2009-3235 for cyrus-imap-2.2. One hunk of bc_eval.c doesn't apply to the older version (no BC_BODY handling). I will commit it to the trunk in a few minutes. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. I

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Henrique de Moraes Holschuh
notfixed 547947 2.2.13-10+etch2 notfixed 547947 2.2.13-14+lenny1 tag 547947 + confirmed thanks Well, it looks like we need to go another round of security updates for Cyrus. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In th

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Henrique de Moraes Holschuh
found 547947 2.2.12-1 fixed 547947 2.2.13-10+etch2 fixed 547947 2.2.13-14+lenny1 thanks On Tue, 22 Sep 2009, Benjamin Seidenberg wrote: > fixed 547947 2.2.13-15 > thanks > > A fix was released before the CVE was even published Indeed. I am not sure how old this bug is, it might well go going fu

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Henrique de Moraes Holschuh
On Tue, 22 Sep 2009, Henrique de Moraes Holschuh wrote: > Full patch for cve-2009-3235 for cyrus-imap-2.2. One hunk of bc_eval.c > doesn't apply to the older version (no BC_BODY handling). > > I will commit it to the trunk in a few minutes. SVN trunk ready for release. Unfortunately, I don't ha

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Giuseppe Iuculano
notfixed 547947 2.2.13-15 thanks Benjamin Seidenberg ha scritto: > A fix was released before the CVE was even published >> Patch: >> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h >> >> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.c

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Benjamin Seidenberg
fixed 547947 2.2.13-15 thanks A fix was released before the CVE was even published Giuseppe Iuculano wrote: > Package: cyrus-imapd-2.2 > Severity: grave > Tags: security patch > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for cyrus-imapd-2.2. > > CVE-2009-323

Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

2009-09-22 Thread Giuseppe Iuculano
Package: cyrus-imapd-2.2 Severity: grave Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for cyrus-imapd-2.2. CVE-2009-3235[0]: | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot |