perdition (1.17-7ubuntu0.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. * perdition/imap4_in.c: Added patch according to upstream (LP: #162543) (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46) * References: CVE-2007-5740 https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853 http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
-- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 13:44:43 +0100
perdition (1.17-7ubuntu0. 7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: The format string protection imap4_in. c: Added patch according to upstream (LP: #162543) perdition. cvs.sourceforge .net/perdition/ perdition/ perdition/ imap4_in. c?r1=1. 45&r2=1. 46) /bugs.edge. launchpad. net/ubuntu/ dapper/ +source/ perdition/ +bug/162543 bugs.debian. org/cgi- bin/bugreport. cgi?bug= 448853 perdition. cvs.sourceforge .net/perdition/ perdition/ perdition/ imap4_in. c?r1=1. 45&r2=1. 46
mechanism in IMAPD for Perdition Mail Retrieval
Proxy 1.17 and earlier allows remote attackers to
execute arbitrary code via an IMAP tag with a null
byte followed by a format string specifier,
which is not counted by the mechanism.
* perdition/
(See: http://
* References:
CVE-2007-5740
https:/
http://
http://
-- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 13:44:43 +0100