Summary: | <mail-mta/courier-1.1.5: STARTTLS injection for POP3 protocol | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | Flags: | nattka: sanity-check- |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=807292 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
net-libs/courier-unicode-2.2.3 amd64 arm arm64 hppa ppc ppc64 sparc x86
net-libs/courier-authlib-0.71.3 amd64 arm arm64 hppa ppc ppc64 sparc x86
mail-mta/courier-1.1.5
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 807352 |
Description
Hanno Böck
2021-08-05 18:56:57 UTC
Thanks!

Add CC-ARCHES when it's ready to be stabled.

Archs, please stabilize.

ppc64 done

ppc done

amd64 done

x86 done

arm done

sparc stable.

Maintainer(s), please cleanup. Security, please vote.

Keywords are not fully specified and arches are not CC-ed for the following packages:
- =mail-mta/courier-1.1.5

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98ee95beb4125bf3cffadd31e22b1a9aab678ab4

    commit 98ee95beb4125bf3cffadd31e22b1a9aab678ab4
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:22:28 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:24:05 +0000

    net-libs/courier-authlib: subscribe to courier-unicode subslot

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    ...ourier-authlib-0.69.0-r3.ebuild => courier-authlib-0.69.0-r4.ebuild} | 2 +-
    ...ourier-authlib-0.70.0-r2.ebuild => courier-authlib-0.70.0-r3.ebuild} | 2 +-
    ...ourier-authlib-0.71.0-r2.ebuild => courier-authlib-0.71.0-r3.ebuild} | 2 +-
    ...ourier-authlib-0.71.1-r2.ebuild => courier-authlib-0.71.1-r3.ebuild} | 2 +-
    ...ourier-authlib-0.71.2-r2.ebuild => courier-authlib-0.71.2-r3.ebuild} | 2 +-
    .../{courier-authlib-0.71.3.ebuild => courier-authlib-0.71.3-r1.ebuild} | 2 +-
    6 files changed, 6 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6b4101a6edb95c607a9390e5ed67b61f65c0497

    commit a6b4101a6edb95c607a9390e5ed67b61f65c0497
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:21:02 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:24:00 +0000

    net-mail/courier-imap: subscribe to courier-unicode subslot

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    .../{courier-imap-5.1.2.ebuild => courier-imap-5.1.2-r1.ebuild} | 6 +++---
    .../{courier-imap-5.1.3.ebuild => courier-imap-5.1.3-r1.ebuild} | 6 +++---
    2 files changed, 6 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdd9cd787d7b14073350e54f4a3ac1e123d07ad8

    commit fdd9cd787d7b14073350e54f4a3ac1e123d07ad8
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:20:02 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:23:56 +0000

    mail-mta/courier: subscribe to courier-unicode subslot

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    mail-mta/courier/{courier-1.0.13.ebuild => courier-1.0.13-r1.ebuild} | 4 ++--
    mail-mta/courier/{courier-1.0.14.ebuild => courier-1.0.14-r1.ebuild} | 4 ++--
    mail-mta/courier/{courier-1.0.17.ebuild => courier-1.0.17-r1.ebuild} | 4 ++--
    mail-mta/courier/{courier-1.0.5.ebuild => courier-1.0.5-r1.ebuild} | 4 ++--
    mail-mta/courier/{courier-1.1.2.ebuild => courier-1.1.2-r1.ebuild} | 4 ++--
    mail-mta/courier/{courier-1.1.5.ebuild => courier-1.1.5-r1.ebuild} | 4 ++--
    6 files changed, 12 insertions(+), 12 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61ab1b57be2f20b62c6b4d420ba4cd3bc0ed326e

    commit 61ab1b57be2f20b62c6b4d420ba4cd3bc0ed326e
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:18:05 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:23:52 +0000

    mail-client/cone: subscribe to courier-unicode subslot

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    mail-client/cone/{cone-1.0.ebuild => cone-1.0-r1.ebuild} | 4 ++--
    1 file changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f05ed3fe5451d0e8b341890c083afe38a2883fa

    commit 0f05ed3fe5451d0e8b341890c083afe38a2883fa
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:17:12 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:23:47 +0000

    mail-filter/maildrop: subscribe to courier-unicode subslot

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    .../maildrop/{maildrop-3.0.0.ebuild => maildrop-3.0.0-r1.ebuild} | 9 +++++----
    1 file changed, 5 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae4b36193858f28bb15a04c15d69459d7f95d45d

    commit ae4b36193858f28bb15a04c15d69459d7f95d45d
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-08-16 02:14:45 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-08-16 02:23:35 +0000

    net-libs/courier-unicode: add subslot for ABI breakage

    SONAME from 2.1 -> 2.2 went from 4.1.0 -> 7.0.0.

    Bug: https://bugs.gentoo.org/806595
    Bug: https://bugs.gentoo.org/807292
    Signed-off-by: Sam James <sam@gentoo.org>

    .../{courier-unicode-2.2.3.ebuild => courier-unicode-2.2.3-r1.ebuild} | 4 ++--
    1 file changed, 2 insertions(+), 2 deletions(-)

Unable to check for sanity:
> no match for package: net-libs/courier-unicode-2.2.3

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48307799432614ef292a2eef80331e050e1a033a

    commit 48307799432614ef292a2eef80331e050e1a033a
    Author:     Hanno Böck <hanno@gentoo.org>
    AuthorDate: 2022-01-17 11:15:14 +0000
    Commit:     Hanno Böck <hanno@gentoo.org>
    CommitDate: 2022-01-17 11:15:14 +0000

    mail-mta/courier: Cleanup old versions

    Signed-off-by: Hanno Böck <hanno@gentoo.org>
    Bug: https://bugs.gentoo.org/806595
    Package-Manager: Portage-3.0.30, Repoman-3.0.3

    mail-mta/courier/Manifest | 5 -
    mail-mta/courier/courier-1.0.13-r1.ebuild | 312 -----------------------------
    mail-mta/courier/courier-1.0.14-r1.ebuild | 312 -----------------------------
    mail-mta/courier/courier-1.0.17-r1.ebuild | 312 -----------------------------
    mail-mta/courier/courier-1.0.5-r1.ebuild | 317 ------------------------------
    mail-mta/courier/courier-1.1.2-r1.ebuild | 312 -----------------------------
    6 files changed, 1570 deletions(-)

Thanks Hanno!

FWIW as one of the authors of the research disclosing that bug I think it doesn't need a GLSA. We couldn't find a practical exploit for the POP3 case. For SMTP and IMAP this is a serious vuln, but that wasn't vulnerable in courier.

(In reply to Hanno Böck from comment #14)
> FWIW as one of the authors of the research disclosing that bug I think it
> doesn't need a GLSA. We couldn't find a practical exploit for the POP3 case.
> For SMTP and IMAP this is a serious vuln, but that wasn't vulnerable in
> courier.

Makes sense, thanks! Closing