perdition (1.17-7ubuntu0.7.04.1) feisty-security; urgency=low * SECURITY UPDATE: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. * perdition/imap4_in.c: Added patch according to upstream (LP: #162543) (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46) * References: CVE-2007-5740 https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853 http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
-- Stephan Hermann <[EMAIL PROTECTED]> Wed, 14 Nov 2007 14:08:08 +0100 -- CVE-2007-5740: format string vulnerability https://bugs.launchpad.net/bugs/162543 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs