Bug 699032 (CVE-2016-10937)

Summary: <mail-filter/imapfilter-2.6.16: missing validation for hostname in an SSL certificate (CVE-2016-10937)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
Flags: stable-bot: sanity-check+
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/15098
Whiteboard: B4 [glsa cve]
Package list: mail-filter/imapfilter-2.6.16
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-10-31 16:38:44 UTC
CVE-2016-10937 (https://nvd.nist.gov/vuln/detail/CVE-2016-10937):
  IMAPFilter through 2.6.12 does not validate the hostname in an SSL
  certificate.
Comment 1 Larry the Git Cow gentoo-dev 2020-03-25 22:53:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8d4b7c8dc97c3c5c5b689508aa7e1e41a9b49dd

commit e8d4b7c8dc97c3c5c5b689508aa7e1e41a9b49dd
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 01:51:40 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 22:52:55 +0000

    mail-filter/imapfilter: Security bump to 2.6.16
    
    The original bug was first fixed in 2.6.13, and since then various
    improvements to hostname validation were made.
    
    Bug: https://bugs.gentoo.org/699032
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15098
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-filter/imapfilter/Manifest                 |  1 +
 mail-filter/imapfilter/imapfilter-2.6.16.ebuild | 43 +++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-26 10:18:12 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-26 10:21:01 UTC
ppc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-26 10:24:50 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Larry the Git Cow gentoo-dev 2020-03-26 18:28:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba65742fe33095ff1dcb02524fa72a00fe8f4c74

commit ba65742fe33095ff1dcb02524fa72a00fe8f4c74
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-26 18:28:09 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-26 18:28:09 +0000

    mail-filter/imapfilter: security cleanup (bug #699032)
    
    Bug: https://bugs.gentoo.org/699032
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-filter/imapfilter/Manifest                 |  2 --
 mail-filter/imapfilter/imapfilter-2.5.6.ebuild  | 38 ----------------------
 mail-filter/imapfilter/imapfilter-2.6.12.ebuild | 43 -------------------------
 3 files changed, 83 deletions(-)
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-26 18:28:44 UTC
GLSA Vote: No!

Repository is clean, all done!