Comment 9 for bug 162543

Stephan Rügamer (sruegamer) wrote :

perdition (1.17-7ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: The format string protection
    mechanism in IMAPD for Perdition Mail Retrieval
    Proxy 1.17 and earlier allows remote attackers to
    execute arbitrary code via an IMAP tag with a null
    byte followed by a format string specifier,
    which is not counted by the mechanism.
  * perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
    (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
  * References:
    CVE-2007-5740
    https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
    http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

 -- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 14:08:08 +0100
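
The failure mode described in the changelog above, as an added example that is not part of the original comment and is neither perdition's code nor the upstream patch: a check that walks the tag as a C string stops at the null byte and never counts a specifier placed after it, while a length-aware check over the received bytes does. The function names and the sample tag are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Weak check (illustrative): treats the tag as a C string, so counting
 * stops at the first NUL byte and later bytes are never inspected. */
size_t count_percent_cstr(const char *tag)
{
    size_t n = 0;
    for (const char *p = tag; *p != '\0'; p++)
        if (*p == '%')
            n++;
    return n;
}

/* Length-aware check: inspects every byte that was actually received. */
size_t count_percent_buf(const char *tag, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (tag[i] == '%')
            n++;
    return n;
}

/* Hardened validation: a tag with an embedded NUL or any '%' is rejected.
 * Returns 1 if the tag is acceptable, 0 otherwise. */
int tag_is_safe(const char *tag, size_t len)
{
    if (memchr(tag, '\0', len) != NULL)
        return 0;
    return count_percent_buf(tag, len) == 0;
}

/* Constructed sample: tag bytes as read from the wire, "A1" NUL "%x". */
static const char sample_tag[] = { 'A', '1', '\0', '%', 'x' };

int main(void)
{
    size_t len = sizeof sample_tag;
    printf("C-string count:     %zu\n", count_percent_cstr(sample_tag));
    printf("length-aware count: %zu\n", count_percent_buf(sample_tag, len));
    printf("tag_is_safe:        %d\n", tag_is_safe(sample_tag, len));
    return 0;
}
```

Independently of any such filter, untrusted input is safest passed as an argument to a constant format string (for example `"%s"`), never as the format string itself.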