Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 108206

Summary: net-mail/uw-imap buffer overflow
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: major CC: net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-05 11:35:35 UTC
Install imap-2004g, or later version, to fix a buffer overflow problem.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-05 11:37:26 UTC
net-mail please bump. 
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2005-10-05 15:06:00 UTC
uw-imap-2004g.ebuild is in CVS now. Note that it might not work with
FEATURES="collision-protect", as it has some common files with mail-client/pine.
Bug #105313 deals, or will deal with this.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-05 22:26:14 UTC
Arches please test and mark stable. Note comment #2. 
Comment 4 Simon Stelling (RETIRED) gentoo-dev 2005-10-06 04:14:20 UTC
uhm, wouldn't it be the best thing to block pine for 2004g and then split the
package into two parts as suggested in bug #105313 for -r1?
Comment 5 Andrej Kacian (RETIRED) gentoo-dev 2005-10-06 04:43:14 UTC
I'm working on the split, and will commit -r1 in a few minutes. I suggest arch
teams wait for -r1 and test it, along with keywording the new
net-mail/uw-mailutils package.
Comment 6 Andrej Kacian (RETIRED) gentoo-dev 2005-10-06 04:58:47 UTC
Ok, net-mail/uw-mailutils-2004g and net-mail/uw-imap-2004g-r1 are now in CVS,
with the latter DEPENDing on the former.

I've stripped KEYWORDS from the latter to just ~x86, arch teams, please keyword
uw-mailutils readd your arch back to uw-imap.

I'll do the x86 keyword, I'm testing uw-imap right now.
Comment 7 Andrej Kacian (RETIRED) gentoo-dev 2005-10-06 05:22:59 UTC
x86 tested and working
Comment 8 Fernando J. Pereda (RETIRED) gentoo-dev 2005-10-06 08:04:36 UTC
Both done for alpha.

Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-06 12:31:53 UTC
sparc stable.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2005-10-06 16:48:38 UTC
Ok, tested and marked ppc64 stable.
Comment 11 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-07 03:15:40 UTC
Stable on ppc and hppa. For the next time, please bump according to policy: mark
all arches unstable (~), but leave them in KEYWORDS.
Comment 12 Simon Stelling (RETIRED) gentoo-dev 2005-10-07 04:47:28 UTC
does uw-imap really hard-depend on uw-mailutils? that way it's still not
possible to have both uw-imap and pine installed, now pine just collides with
uw-mailutils, which still doesn't have DEPEND=!mail-client/pine

anyway, this is not very critical, so amd64 is stable too
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-10-11 05:04:32 UTC
GLSA 200510-10