108206 2005-10-05 11:35 0000 net-mail/uw-imap buffer overflow 2005-10-11 05:04:32 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.washington.edu/imap/ B1 [glsa] jaervosz P2 major --- 1 jaervosz@gentoo.org security@gentoo.org net-mail@gentoo.org jaervosz@gentoo.org 2005-10-05 11:35:35 0000 Install imap-2004g, or later version, to fix a buffer overflow problem. jaervosz@gentoo.org 2005-10-05 11:37:26 0000 net-mail please bump. ticho@gentoo.org 2005-10-05 15:06:00 0000 uw-imap-2004g.ebuild is in CVS now. Note that it might not work with FEATURES="collision-protect", as it has some common files with mail-client/pine. Bug #105313 deals, or will deal with this. jaervosz@gentoo.org 2005-10-05 22:26:14 0000 Arches please test and mark stable. Note comment #2. blubb@gentoo.org 2005-10-06 04:14:20 0000 uhm, wouldn't it be the best thing to block pine for 2004g and then split the package into two parts as suggested in bug #105313 for -r1? ticho@gentoo.org 2005-10-06 04:43:14 0000 I'm working on the split, and will commit -r1 in a few minutes. I suggest arch teams wait for -r1 and test it, along with keywording the new net-mail/uw-mailutils package. ticho@gentoo.org 2005-10-06 04:58:47 0000 Ok, net-mail/uw-mailutils-2004g and net-mail/uw-imap-2004g-r1 are now in CVS, with the latter DEPENDing on the former. I've stripped KEYWORDS from the latter to just ~x86, arch teams, please keyword uw-mailutils readd your arch back to uw-imap. I'll do the x86 keyword, I'm testing uw-imap right now. ticho@gentoo.org 2005-10-06 05:22:59 0000 x86 tested and working ferdy@gentoo.org 2005-10-06 08:04:36 0000 Both done for alpha. Cheers, Ferdy gustavoz@gentoo.org 2005-10-06 12:31:53 0000 sparc stable. ranger@gentoo.org 2005-10-06 16:48:38 0000 Ok, tested and marked ppc64 stable. hansmi@gentoo.org 2005-10-07 03:15:40 0000 Stable on ppc and hppa. For the next time, please bump according to policy: mark all arches unstable (~), but leave them in KEYWORDS. blubb@gentoo.org 2005-10-07 04:47:28 0000 does uw-imap really hard-depend on uw-mailutils? that way it's still not possible to have both uw-imap and pine installed, now pine just collides with uw-mailutils, which still doesn't have DEPEND=!mail-client/pine anyway, this is not very critical, so amd64 is stable too koon@gentoo.org 2005-10-11 05:04:32 0000 GLSA 200510-10