Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 140514

Summary: mail-mta/xmail - security cleanup needed
Product: Gentoo Linux Reporter: Jakub Moc (RETIRED) <jakub>
Component: New packagesAssignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: 2006.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 146062    

Description Jakub Moc (RETIRED) gentoo-dev 2006-07-15 09:47:42 UTC
dev-libs/cyrus-sasl-2.1.18-r2: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.19-r1: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.20: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.20-r1: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.20-r2: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.20-r3: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.21: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
dev-libs/cyrus-sasl-2.1.21-r1: vulnerable via glsa(200604-09) ( ver-rev < 2.1.21-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')

mail-client/mutt-1.4.2.1: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'hppa', 'mips', 'ppc', 'sparc', 'x86')
mail-client/mutt-1.5.8-r1: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')
mail-client/mutt-1.5.8-r2: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')
mail-client/mutt-1.5.9: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')
mail-client/mutt-1.5.10-r1: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')
mail-client/mutt-1.5.11: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')
mail-client/mutt-1.5.11-r1: vulnerable via glsa(200606-27) ( ver-rev < 1.5.11-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86')

mail-mta/sendmail-8.13.3: vulnerable via glsa(200606-19) ( ver-rev < 8.13.6-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.3: vulnerable via glsa(200603-21) ( ver < 8.13.6 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.4: vulnerable via glsa(200606-19) ( ver-rev < 8.13.6-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.4: vulnerable via glsa(200603-21) ( ver < 8.13.6 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.4-r1: vulnerable via glsa(200606-19) ( ver-rev < 8.13.6-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.4-r1: vulnerable via glsa(200603-21) ( ver < 8.13.6 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.5: vulnerable via glsa(200606-19) ( ver-rev < 8.13.6-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.5: vulnerable via glsa(200603-21) ( ver < 8.13.6 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
mail-mta/sendmail-8.13.6: vulnerable via glsa(200606-19) ( ver-rev < 8.13.6-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')

mail-mta/xmail-1.16-r1: vulnerable via glsa(200512-05) ( ver < 1.22 ), affects ('ppc', 'sparc', 'x86')
mail-mta/xmail-1.20: vulnerable via glsa(200512-05) ( ver < 1.22 ), affects ('sparc', 'x86')
mail-mta/xmail-1.21: vulnerable via glsa(200512-05) ( ver < 1.22 ), affects ('ppc', 'sparc', 'x86')

Please, clean up the above. Thanks!
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-07-15 09:56:29 UTC
Also:

net-mail/metamail-2.7.45.3: vulnerable via glsa(200603-16) ( ver-rev < 2.7.45.3-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
Comment 2 Tuan Van (RETIRED) gentoo-dev 2006-07-15 16:03:05 UTC
net-mail/metamail: done
dev-libs/cyrus-sasl: removed most except cyrus-sasl-2.1.20.ebuild. mips needs to stable cyrus-sasl-2.1.21-r2.ebuild before 2.1.20 can be removed.
Comment 3 Andrea Barisani (RETIRED) gentoo-dev 2006-08-10 03:47:38 UTC
net-mail/sendmail: done
Comment 4 Fernando J. Pereda (RETIRED) gentoo-dev 2006-08-14 11:10:15 UTC
mail-client/mutt done. I have to leave mail-client/mutt-1.5.11 (vulnerable) in the tree because it's the latest version keyworded stable for mips.

Re-add me if you need anything else.

Thanks.

- ferdy
Comment 5 Joshua Kinard gentoo-dev 2006-09-03 16:03:57 UTC
cyrus-sasl, mutt stable on mips.
Comment 6 Tuan Van (RETIRED) gentoo-dev 2006-09-11 09:25:41 UTC
dev/libs/cyrus-sasl done
Comment 7 Andrej Kacian (RETIRED) gentoo-dev 2006-09-13 08:25:27 UTC
xmail ebuilds pruned, closing bug.