Comment 4 for bug 485973

In Ubuntu, the php imap plugin is in a separate php-imap source package.

Although USN-628-1 says CVE-2008-2829 was fixed, it was a mistake. The actual binary isn't built from the php5 source package.

CVE-2008-2829 needs to be fixed in the php-imap source package that's in universe.