Comment 7 for bug 10608

In , Martin Schulze (joey-infodrom) wrote :

Martin Pitt wrote:
> At least sarge's and sid's versions are vulnerable to above CANs and
> some additional issue described in

The version in woody is vulnerable to CAN-2004-1012 and CAN-2004-1013.
I plan to use the attached patch.

> http://patches.ubuntu.com/patches/cyrus21-imapd.CAN-2004-1012+13.diff
>
> Please fix this as soon as possible since this is a root security
> hole. Please also check whether woody is vulnerable, I did not do
> this.
>
> My changelog:
>
> ------------------- snip -----------------
> cyrus21-imapd (2.1.16-10ubuntu1) hoary; urgency=low
> .
> * SECURITY UPDATE: fix several potential buffer overflows
> * imap/imapd.c:
> - cmd_fetch(), cmd_partial(): fixed insufficient checking of the command
> string: the command "body[p"/"BODY[P" was recognized as
> "body.peek"/"BODY.PEEK" which caused an incrementation of the command
> buffer pointer beyond the allocated memory
> - fixed two incarnations of "flag[nflags++] = xstrdup(...)"; the value of
> nflags within functions called by xstrdup() is undefined and different
> gcc versions handle this differently
> * Note: this version is not vulnerable to CAN-2004-1011
> * References:
> CAN-2004-1012, CAN-2004-1013
> http://security.e-matters.de/advisories/152004.html
> ------------------- snip -----------------

CAN-2004-1015 missing. Not sure if the version in ubuntu or unstable is
vulnerable, though.

Henrique, please mention the respective CVE Id in the proper changelog
entry and please let me know which version in unstable fixes the problems.

Regards,

 Joey

--
WARNING: Do not execute! This call violates patent DE10108564.
http://www.elug.de/projekte/patent-party/patente/DE10108564

wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/

Please always Cc to me when replying to me on the lists.
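
Added example, not part of the message above and not Cyrus source code: a simplified C model of the fetch-attribute check that the quoted changelog describes for cmd_fetch()/cmd_partial(), showing a weak keyword test next to a strict one. The function names and sample strings are constructed for illustration, and only the upper-case spelling is modelled.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the check the changelog describes; not Cyrus source.
 * Each parser returns the offset where the section text starts, or 0 if
 * att is not a BODY[...] / BODY.PEEK[...] fetch attribute. */

/* Weak form: accept either prefix, then guess which one matched from a
 * single byte. In "BODY.PEEK[" index 5 is 'P', but in "BODY[P" index 5 is
 * already the first byte of the section text. */
size_t section_offset_weak(const char *att)
{
    size_t off = 5;
    if (strncmp(att, "BODY[", 5) != 0 && strncmp(att, "BODY.PEEK[", 10) != 0)
        return 0;
    if (att[off] == 'P')
        off += 5;               /* assumes "PEEK[" follows, without checking */
    return off;
}

/* Strict form: the offset is tied to the prefix that actually matched. */
size_t section_offset_strict(const char *att)
{
    if (strncmp(att, "BODY.PEEK[", 10) == 0)
        return 10;
    if (strncmp(att, "BODY[", 5) == 0)
        return 5;
    return 0;
}

/* A parser may only continue from off if it still lies inside the string. */
int offset_in_bounds(const char *att, size_t off)
{
    return off <= strlen(att);
}

int main(void)
{
    /* Constructed sample attributes. */
    const char *samples[] = { "BODY[1]", "BODY.PEEK[1]", "BODY[P" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t w = section_offset_weak(samples[i]);
        size_t s = section_offset_strict(samples[i]);
        printf("%-14s len=%zu weak=%zu (%s) strict=%zu (%s)\n", samples[i],
               strlen(samples[i]),
               w, offset_in_bounds(samples[i], w) ? "ok" : "past end",
               s, offset_in_bounds(samples[i], s) ? "ok" : "past end");
    }
    return 0;
}
```

The model only computes offsets and never dereferences the out-of-range position, so it is safe to run under a sanitizer or debugger.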