Summary: | mail-mta/xmail: security update + init script forgets to copy resolve libs | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ceesjan Luiten <quinox_san_> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Ceesjan Luiten
2005-10-15 10:06:01 UTC
Noone ? It is kind of bad if we leave an exploitable version of a mail server in portage for this long :/ 1.22 is masked in the tree (wait a few minutes for mirrors to pick it up), could you please test it and see if it works for you so that I can remove the vuln package and have the sec team issuing a GLSA? (Moving to Security) It compiles without any problems and it runs fine :) x86 or maintainer can go ahead and mark stable CVE-2005-2943 Local exploitation of a buffer overflow vulnerability in XMail, as distributed with multiple vendors' operating systems, allows local attackers to execute arbitrary code with elevated privileges. GLSA 200512-05 |