Summary: | <=net-mail/dovecot-1.1.7-r1: Remote code execution in sieve plugin (CVE-2009-3235) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | bugs+gentoo, net-mail+disabled, patrick |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.dovecot.org/list/dovecot-news/2009-September/000135.html | ||
Whiteboard: | C1 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 285211, 314533 | ||
Bug Blocks: |
Description
Michael Orlitzky
2009-09-28 20:35:52 UTC
Yes, our "sieve" wasn't patched. + 05 Oct 2009; Patrick Lauer <patrick@gentoo.org> +dovecot-1.1.19.ebuild: + Bump for 1.1 series Arches, please test and mark stable: =net-mail/dovecot-1.1.19 Target keywords : "alpha amd64 ppc sparc x86" patrick, can you remove older ebuilds, when 1.1.19 is stable? x86 stable Stable on alpha. amd64 stable sparc stable Marked ppc stable. GLSA request filed. glsa request filed waiting for 314533 wrt glsa... I think it's safe to close this now? No, it is not. The gentoo security team will close this bug after the GLSA was sent. This issue was resolved and addressed in GLSA 201110-04 at http://security.gentoo.org/glsa/glsa-201110-04.xml by GLSA coordinator Stefan Behte (craig). |