uw-imap client segfaults

Bug #383751 reported by David L Norris
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
uw-imap (Ubuntu) | New | Undecided | Unassigned |

Bug Description

PHP5-imap experiences memcpy() segfaults on certain operations such as imap_fetchbody() and rfc822 functions. The Zend/PHP folks (PHP Bug #47736) claim these issues are resolved by upgrading to at least uw-imap 2007e.

David L Norris (webaugur) wrote :

#0 0xb7ae08b1 in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1 0xb6fb86bd in tcp_getbuffer () from /usr/lib/libc-client.so.2007b
#2 0xb6fc79a2 in net_getbuffer () from /usr/lib/libc-client.so.2007b
#3 0xb6ff4df6 in imap_parse_string () from /usr/lib/libc-client.so.2007b
#4 0xb6ff9f03 in imap_parse_unsolicited () from /usr/lib/libc-client.so.2007b
#5 0xb6ffb50f in imap_reply () from /usr/lib/libc-client.so.2007b
#6 0xb6ffb667 in imap_sout () from /usr/lib/libc-client.so.2007b
#7 0xb6ffd592 in imap_send () from /usr/lib/libc-client.so.2007b
#8 0xb7001ea1 in imap_msgdata () from /usr/lib/libc-client.so.2007b
#9 0xb6fd2853 in mail_fetch_body () from /usr/lib/libc-client.so.2007b
#10 0xb70c0bcd in zif_imap_fetchbody () from /usr/lib/php5/20060613+lfs/imap.so

Mikko Ruohola (polarfox) wrote :

Does this affect Jaunty? It seems that Jaunty has a new libc-client package that should work (according to the Debian testing branch changelog).
We could use this package in Hardy also, if it fixes this potential security problem.

David L Norris (webaugur) wrote : Re: [Bug 383751] Re: uw-imap client segfaults

On Thu, Jun 11, 2009 at 6:03 AM, Mikko Ruohola <email address hidden> wrote:

> Does this affect Jaunty? It seems that Jaunty has a new libc-client package
> that should work.(According to debian testing branch changelog)
> We could use this package in hardy also, if it fixes this potential
> security problem.
>

Jaunty is no better. I even recompiled php-imap and the latest libc-client
from UW and the problem still exists.

In fact, after watching UW IMAP compile I decided to never use it again in
favor of a native code PHP IMAP client (Zend_Mail). There must be thousands
of incorrectly cast variables in the UW code. The warnings coming out of
GCC make me suspect there are a lot of undiscovered security problems.

--
  David L Norris
  http://webaugur.com/
