79874 2005-01-28 10:43 0000 <net-mail/uw-imap-2004b fails to properly authenticate users when using CRAM-MD5 2005-06-26 05:52:48 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All All RESOLVED FIXED B3 [glsa] P2 normal --- 1 carlo@gentoo.org security@gentoo.org ticho@gentoo.org carlo@gentoo.org 2005-01-28 10:43:08 0000 A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox. http://www.kb.cert.org/vuls/id/702777 koon@gentoo.org 2005-01-28 14:13:56 0000 2004c is in portage, just needing to be marked stable. Arches: please test and mark stable hansmi@gentoo.org 2005-01-28 14:34:29 0000 Stable on ppc. weeve@gentoo.org 2005-01-29 09:31:54 0000 Stable on sparc. luckyduck@gentoo.org 2005-01-29 10:19:09 0000 stable on amd64 kloeri@gentoo.org 2005-01-30 11:44:26 0000 Stable on alpha. koon@gentoo.org 2005-01-31 05:06:38 0000 Waiting for x86 testing. Voting for GLSA: I vote YES, this is nasty. jaervosz@gentoo.org 2005-01-31 07:05:27 0000 I vote for a GLSA on this one as well. koon@gentoo.org 2005-02-01 09:08:00 0000 ticho: if you tested it please mark stable for x86, we need it to issue the GLSA tester@gentoo.org 2005-02-01 12:22:27 0000 sorry for the delay, x86 is there ... ticho@gentoo.org 2005-02-01 12:32:34 0000 tester already marked this stable on x86 (with an invalid changelog entry, I might add). I can confirm that the proble is indeed gone. Is there any reason not to CC net-mail when a net-mail security bug pops up? I didn't even know about this vulnerability until now. koon@gentoo.org 2005-02-01 13:31:09 0000 ticho: the fixed package was already there so we just asked for stable markings. We should have cc-d you anyway, you're right. jaervosz@gentoo.org 2005-02-02 05:11:30 0000 GLSA 200502-02 killerfox@gentoo.org 2005-06-26 05:52:48 0000 Already stable on hppa