Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 269129 - <net-mail/vpopmail-5.4.33, <net-mail/qmailadmin-1.2.15-r1: Integer Overflow for user's quota
Summary: <net-mail/vpopmail-5.4.33, <net-mail/qmailadmin-1.2.15-r1: Integer Overflow f...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: B4 [noglsa]
Keywords:
: 378371 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-05-09 13:19 UTC by Stratos Psomadakis (RETIRED)
Modified: 2013-09-14 02:15 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stratos Psomadakis (RETIRED) gentoo-dev 2009-05-09 13:19:14 UTC 
net-mail/vpopmail is prone to several Integer Overflows due that
numeric types of more range are needed to store user's quota nowadays(quota
over 2GB).
bug description here
http://www.securityfocus.com/archive/1/503375

Reproducible: Always
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-05-31 00:00:57 UTC 
*** Bug 378371 has been marked as a duplicate of this bug. ***
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-05-31 00:03:16 UTC 
I have fixed this in qmailadmin-1.2.15-r1 with a custom patch.

This is already fixed in upstream vpopmail-5.4.33.
Upstream vpopmail changelog:
====
5.4.33 -
  Matt Brookings
...
  - Changed relevant quota code to use storage_t 64bit type 
...
===

Arches, please stabilize vpopmail-5.4.33 and qmailadmin-1.2.15-r1.

Target keywords:
qmailadmin-1.2.15-r1: amd64 arm ppc s390 sh sparc x86
vpopmail-5.4.33: amd64 arm ia64 s390 sh sparc x86
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-05 15:27:34 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-06-05 15:27:50 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-06-09 11:36:08 UTC 
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-09 11:36:29 UTC 
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-06-09 11:36:53 UTC 
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-06-09 12:14:09 UTC 
s390 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-06-11 11:05:15 UTC 
sh stable
Comment 10 Markus Meier gentoo-dev 2013-06-11 18:58:33 UTC 
arm stable, all arches done.
Comment 11 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-11 05:35:43 UTC 
GLSA vote: no.
Comment 12 Sean Amoss (RETIRED) gentoo-dev Security 2013-09-14 02:15:40 UTC 
GLSA vote: no.

Closing noglsa.