perdition (1.17-7ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: The format string protection
    mechanism in IMAPD for Perdition Mail Retrieval
    Proxy 1.17 and earlier allows remote attackers to
    execute arbitrary code via an IMAP tag with a null
    byte followed by a format string specifier,
    which is not counted by the mechanism.
  * perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
    (See: 
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
  * References:
    CVE-2007-5740
    https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
    
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

 -- Stephan Hermann <[EMAIL PROTECTED]>   Wed, 14 Nov 2007 14:08:08 +0100

-- 
CVE-2007-5740: format string vulnerability
https://bugs.launchpad.net/bugs/162543
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to