Summary: | <net-mail/cyrus-imapd-3.0.13: lmtpd component allows to create mailboxes with administrator privileges bypassing ACL checks (CVE-2019-19783) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | eras, mgorny |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: |
net-mail/cyrus-imapd-3.0.13
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-12-23 21:50:07 UTC
After discussion we (security) aren't interested in keeping this package alive. @ Treecleaner(s): Please do your job (maybe someone else will step up and take care). Apparently it's been taken care of: commit bccf2ea2f117c28889359760444e1740e96b7f97 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2020-04-09 16:07:45 +0200 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2020-04-09 16:07:45 +0200 net-mail/cyrus-imapd: security bump to 3.0.13 also fixes building with new versions of libcap and gcc-10 Closes: https://bugs.gentoo.org/713728 Closes: https://bugs.gentoo.org/713502 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Eray Aslan <eras@gentoo.org> @maintainer(s), please advise if ready for stabilisation, or call yourself Arches, please test and mark stable =net-mail/cyrus-imapd-3.0.13 Target Keywords = amd64 ~arm ~hppa ~ia64 ppc ppc64 ~sparc x86 x86 stable @amd64: ping ppc stable amd64 stable @ppc64: ping This issue was resolved and addressed in GLSA 202006-23 at https://security.gentoo.org/glsa/202006-23 by GLSA coordinator Aaron Bauman (b-man). re-opened for ppc64 and cleanup. @ppc64: ping cyrus-imapd-3.0.13 shows several build failures on ppc64, depending on USE-flags (e.g. bug #738276, bug #738278, bug #738280). ppc64 done all arches done Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0da8073555542ada0b0053360f9e07285b01966c commit 0da8073555542ada0b0053360f9e07285b01966c Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2020-09-08 06:40:32 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2020-09-08 06:40:32 +0000 net-mail/cyrus-imapd: cleanup Bug: https://bugs.gentoo.org/703630 Package-Manager: Portage-3.0.6, Repoman-3.0.1 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/cyrus-imapd/Manifest | 2 - net-mail/cyrus-imapd/cyrus-imapd-3.0.10-r1.ebuild | 225 ---------------------- net-mail/cyrus-imapd/cyrus-imapd-3.0.11.ebuild | 225 ---------------------- 3 files changed, 452 deletions(-) Thanks! All done. |