Hi Henrique,
Henrique de Moraes Holschuh ha scritto:
> Also, we need the same fix to be applied to stable and old-stable...
I've prepared stable and oldstable packages:
http://sd6.iuculano.it/sec/cyrus-imapd-2.2/
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Full patch for cve-2009-3235 for cyrus-imap-2.2. One hunk of bc_eval.c
doesn't apply to the older version (no BC_BODY handling).
I will commit it to the trunk in a few minutes.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. I
Processing commands for cont...@bugs.debian.org:
> notfixed 547947 2.2.13-10+etch2
Bug #547947 [cyrus-imapd-2.2] CVE-2009-3235: CMU sieve buffer overflows
There is no source info for the package 'cyrus-imapd-2.2' at version
'2.2.13-10+etch2' with architecture ''
Unable to make a source version fo
notfixed 547947 2.2.13-10+etch2
notfixed 547947 2.2.13-14+lenny1
tag 547947 + confirmed
thanks
Well, it looks like we need to go another round of security updates for
Cyrus.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In th
found 547947 2.2.12-1
fixed 547947 2.2.13-10+etch2
fixed 547947 2.2.13-14+lenny1
thanks
On Tue, 22 Sep 2009, Benjamin Seidenberg wrote:
> fixed 547947 2.2.13-15
> thanks
>
> A fix was released before the CVE was even published
Indeed. I am not sure how old this bug is, it might well go going
fu
Processing commands for cont...@bugs.debian.org:
> found 547947 2.2.12-1
Bug #547947 [cyrus-imapd-2.2] CVE-2009-3235: CMU sieve buffer overflows
There is no source info for the package 'cyrus-imapd-2.2' at version '2.2.12-1'
with architecture ''
Unable to make a source version for version '2.2.12
On Tue, 22 Sep 2009, Henrique de Moraes Holschuh wrote:
> Full patch for cve-2009-3235 for cyrus-imap-2.2. One hunk of bc_eval.c
> doesn't apply to the older version (no BC_BODY handling).
>
> I will commit it to the trunk in a few minutes.
SVN trunk ready for release. Unfortunately, I don't ha
Processing commands for cont...@bugs.debian.org:
> notfixed 547947 2.2.13-15
Bug #547947 [cyrus-imapd-2.2] CVE-2009-3235: CMU sieve buffer overflows
There is no source info for the package 'cyrus-imapd-2.2' at version
'2.2.13-15' with architecture ''
Unable to make a source version for version '2
notfixed 547947 2.2.13-15
thanks
Benjamin Seidenberg ha scritto:
> A fix was released before the CVE was even published
>> Patch:
>> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h
>>
>> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.c
fixed 547947 2.2.13-15
thanks
A fix was released before the CVE was even published
Giuseppe Iuculano wrote:
> Package: cyrus-imapd-2.2
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for cyrus-imapd-2.2.
>
> CVE-2009-323
Processing commands for cont...@bugs.debian.org:
> fixed 547947 2.2.13-15
Bug #547947 [cyrus-imapd-2.2] CVE-2009-3235: CMU sieve buffer overflows
There is no source info for the package 'cyrus-imapd-2.2' at version
'2.2.13-15' with architecture ''
Unable to make a source version for version '2.2.
Package: cyrus-imapd-2.2
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cyrus-imapd-2.2.
CVE-2009-3235[0]:
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
|
12 matches
Mail list logo
