Bug 108206 - net-mail/uw-imap buffer overflow
|
Bug#:
108206
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: major
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: jaervosz@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
http://www.washington.edu/imap/
|
|
Summary: net-mail/uw-imap buffer overflow
|
|
Keywords:
|
|
Status Whiteboard: B1 [glsa] jaervosz
|
|
Opened: 2005-10-05 11:35 0000
|
Install imap-2004g, or later version, to fix a buffer overflow problem.
uw-imap-2004g.ebuild is in CVS now. Note that it might not work with
FEATURES="collision-protect", as it has some common files with mail-client/pine.
Bug #105313 deals, or will deal with this.
Arches please test and mark stable. Note comment #2.
uhm, wouldn't it be the best thing to block pine for 2004g and then split the
package into two parts as suggested in bug #105313 for -r1?
I'm working on the split, and will commit -r1 in a few minutes. I suggest arch
teams wait for -r1 and test it, along with keywording the new
net-mail/uw-mailutils package.
Ok, net-mail/uw-mailutils-2004g and net-mail/uw-imap-2004g-r1 are now in CVS,
with the latter DEPENDing on the former.
I've stripped KEYWORDS from the latter to just ~x86, arch teams, please keyword
uw-mailutils readd your arch back to uw-imap.
I'll do the x86 keyword, I'm testing uw-imap right now.
Both done for alpha.
Cheers,
Ferdy
Ok, tested and marked ppc64 stable.
Stable on ppc and hppa. For the next time, please bump according to policy:
mark
all arches unstable (~), but leave them in KEYWORDS.
does uw-imap really hard-depend on uw-mailutils? that way it's still not
possible to have both uw-imap and pine installed, now pine just collides with
uw-mailutils, which still doesn't have DEPEND=!mail-client/pine
anyway, this is not very critical, so amd64 is stable too
