Martin Pitt wrote:
> At least sarge's and sid's versions are vulnerable to above CANs and
> some additional issue described in
The version in woody is vulnerable to CAN-2004-1012 and CAN-2004-1013.
I plan to use the attached patch.
> http://patches.ubuntu.com/patches/cyrus21-imapd.CAN-2004-1012+13.diff
>
> Please fix this as soon as possible since this is a root security
> hole. Please also check whether woody is vulnerable, I did not do
> this.
>
> My changelog:
>
> ------------------- snip -----------------
> cyrus21-imapd (2.1.16-10ubuntu1) hoary; urgency=low
> .
> * SECURITY UPDATE: fix several potential buffer overflows
> * imap/imapd.c:
> - cmd_fetch(), cmd_partial(): fixed insufficient checking of the command
> string: the command "body[p"/"BODY[P" was recognized as
> "body.peek"/"BODY.PEEK" which caused an incrementation of the command
> buffer pointer beyond the allocated memory
> - fixed two incarnations of "flag[nflags++] = xstrdup(...)"; the value of
> nflags within functions called by xstrdup() is undefined and different
> gcc versions handle this differently
> * Note: this version is not vulnerable to CAN-2004-1011
> * References:
> CAN-2004-1012, CAN-2004-1013
> http://security.e-matters.de/advisories/152004.html
> ------------------- snip -----------------
CAN-2004-1015 missing. Not sure if the version in ubuntu or unstable is
vulnerable, though.
Henrique, please mention the respective CVE Id in the proper changelog
entry and please let me know which version in unstable fixes the problems.
Martin Pitt wrote:
> At least sarge's and sid's versions are vulnerable to above CANs and
> some additional issue described in
The version in woody is vulnerable to CAN-2004-1012 and CAN-2004-1013.
I plan to use the attached patch.
> http:// patches. ubuntu. com/patches/ cyrus21- imapd.CAN- 2004-1012+ 13.diff /"BODY. PEEK" which caused an incrementation of the command security. e-matters. de/advisories/ 152004. html
>
> Please fix this as soon as possible since this is a root security
> hole. Please also check whether woody is vulnerable, I did not do
> this.
>
> My changelog:
>
> ------------------- snip -----------------
> cyrus21-imapd (2.1.16-10ubuntu1) hoary; urgency=low
> .
> * SECURITY UPDATE: fix several potential buffer overflows
> * imap/imapd.c:
> - cmd_fetch(), cmd_partial(): fixed insufficient checking of the command
> string: the command "body[p"/"BODY[P" was recognized as
> "body.peek"
> buffer pointer beyond the allocated memory
> - fixed two incarnations of "flag[nflags++] = xstrdup(...)"; the value of
> nflags within functions called by xstrdup() is undefined and different
> gcc versions handle this differently
> * Note: this version is not vulnerable to CAN-2004-1011
> * References:
> CAN-2004-1012, CAN-2004-1013
> http://
> ------------------- snip -----------------
CAN-2004-1015 missing. Not sure if the version in ubuntu or unstable is
vulnerable, though.
Henrique, please mention the respective CVE Id in the proper changelog
entry and please let me know which version in unstable fixes the problems.
Regards,
Joey
-- www.elug. de/projekte/ patent- party/patente/ DE10108564
WARNING: Do not execute! This call violates patent DE10108564.
http://
wget -O patinfo-`date +"%Y%m%d"`.html http:// patinfo. ffii.org/
Please always Cc to me when replying to me on the lists.