|Summary:||net-mail/uw-imap buffer overflow|
|Product:||Gentoo Security||Reporter:||Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B1 [glsa] jaervosz|
|Package list:||Runtime testing required:||---|
Description Sune Kloppenborg Jeppesen (RETIRED) 2005-10-05 11:35:35 UTC
Install imap-2004g, or later version, to fix a buffer overflow problem.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) 2005-10-05 11:37:26 UTC
net-mail please bump.
Comment 2 Andrej Kacian (RETIRED) 2005-10-05 15:06:00 UTC
uw-imap-2004g.ebuild is in CVS now. Note that it might not work with FEATURES="collision-protect", as it has some common files with mail-client/pine. Bug #105313 deals, or will deal with this.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) 2005-10-05 22:26:14 UTC
Arches please test and mark stable. Note comment #2.
Comment 4 Simon Stelling (RETIRED) 2005-10-06 04:14:20 UTC
uhm, wouldn't it be the best thing to block pine for 2004g and then split the package into two parts as suggested in bug #105313 for -r1?
Comment 5 Andrej Kacian (RETIRED) 2005-10-06 04:43:14 UTC
I'm working on the split, and will commit -r1 in a few minutes. I suggest arch teams wait for -r1 and test it, along with keywording the new net-mail/uw-mailutils package.
Comment 6 Andrej Kacian (RETIRED) 2005-10-06 04:58:47 UTC
Ok, net-mail/uw-mailutils-2004g and net-mail/uw-imap-2004g-r1 are now in CVS, with the latter DEPENDing on the former. I've stripped KEYWORDS from the latter to just ~x86, arch teams, please keyword uw-mailutils readd your arch back to uw-imap. I'll do the x86 keyword, I'm testing uw-imap right now.
Comment 7 Andrej Kacian (RETIRED) 2005-10-06 05:22:59 UTC
x86 tested and working
Comment 8 Fernando J. Pereda (RETIRED) 2005-10-06 08:04:36 UTC
Both done for alpha. Cheers, Ferdy
Comment 9 Gustavo Zacarias (RETIRED) 2005-10-06 12:31:53 UTC
Comment 10 Brent Baude (RETIRED) 2005-10-06 16:48:38 UTC
Ok, tested and marked ppc64 stable.
Comment 11 Michael Hanselmann (hansmi) (RETIRED) 2005-10-07 03:15:40 UTC
Stable on ppc and hppa. For the next time, please bump according to policy: mark all arches unstable (~), but leave them in KEYWORDS.
Comment 12 Simon Stelling (RETIRED) 2005-10-07 04:47:28 UTC
does uw-imap really hard-depend on uw-mailutils? that way it's still not possible to have both uw-imap and pine installed, now pine just collides with uw-mailutils, which still doesn't have DEPEND=!mail-client/pine anyway, this is not very critical, so amd64 is stable too
Comment 13 Thierry Carrez (RETIRED) 2005-10-11 05:04:32 UTC