| Summary: | mail-client/mutt: IMAP Buffer Overflow (CVE-2006-3242) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Harlan Lieberman-Berg (RETIRED) <hlieberman> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | agriffis, ferdy, hlieberman |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/20810/ | | |
| Whiteboard: | A2 [glsa] hlieberman | | |
| Package list: | | Runtime testing required: | --- |

Description
Harlan Lieberman-Berg (RETIRED)
Fixed Severity -- Sorry 'bout that.

Though we appear to be out of the affected version range, Falco believes that we are still vulnerable. Herd, can you run a sanity check on this one?

I patched imap/browse.c in our ebuild and added it as mutt-1.5.11-r2

- ferdy

Thanks ferdy

hi arches, please mark 1.5.11-r2 as stable, thank you

Hi ferdy,

Is there any reason why mutt isn't using autoconf-2.60? I can't install the new ebuild because it requires a downgrade of autoconf to 2.59-r7, resulting in dependency ping-pong. (maildrop is another package still using 2.59.)

Cheers,

Probably because otherwise ppc-macos cannot compile any more. I don't know if a >= is possible.

(In reply to comment #6)
> Probably because otherwise ppc-macos cannot compile any more. I don't know if
> a >= is possible.

Works for me (x86.)

Because I forgot to remove those dependencies, sorry. Should work now. (worked for me in alpha and x86 at least). I just committed a new version of -r2 without explicit dependencies and without WANT_AUTOCONF.

- ferdy

ppc stable

stable on ppc64

ppc-macos done. I also ported the patch to muttng and included the patch there. muttng-20060619-r1 has the patch included.

x86 done... if we're supposed to do something with muttng, add us back

stable on hppa

Alpha done.

sparc stable.

amd64 stable

This was fast, thanks. Let's go for the GLSA

Updated CVE info.

GLSA 200606-27 committed. Good job everyone.

http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml

Harlan please don't close security bugs :-)

Mail is finally out on announce.

GLSA 200606-27

mips, ia64 don't forget to mark stable to benefit from the GLSA.