
Bug 82404

Summary: net-mail/cyrus-imapd New version fix security issues
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: major
CC: net-mail+disabled
Priority: High
Version: unspecified
Hardware: All
OS: All
Whiteboard: A2 [glsa] vorlon
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-17 14:21:22 UTC
2.2.10 is latest stable on some arches.
Changes to the Cyrus IMAP Server since 2.2.10

      * Fix possible single byte overflow in mailbox handling code. 
      * Fix possible single byte overflows in the imapd annotate extension. 
      * Fix stack buffer overflows in fetchnews (exploitable by peer news
        server), backend (exploitable by admin), and in imapd (exploitable
        by users though only on platforms where a filename may be larger
        than a mailbox name).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-17 14:23:21 UTC
We already have 2.2.12 in the tree. 

Arches please test and mark stable.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2005-02-17 14:42:56 UTC
This pulls in mailbase-0.00-r8, is that wanted?
Comment 3 Andrej Kacian (RETIRED) gentoo-dev 2005-02-17 15:09:11 UTC
Yes, it is. mailbase-0.00-r8 installs common /etc/pam.d/ files for imap and pop3.
Comment 4 Olivier Crete (RETIRED) gentoo-dev 2005-02-17 20:57:14 UTC
x86 there
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-02-18 05:05:51 UTC
Shouldn't dev-libs/cyrus-imap-dev and net-mail/cyrus-imap-admin be bumped to 2.2.12 too at least for consistency?
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2005-02-18 05:18:49 UTC
btw, sparc stable :)
Comment 7 Tomasz Orzechowski 2005-02-18 05:35:56 UTC
If dev-libs/cyrus-imap-dev gets bumped to keep versions in sync, so should net-mail/cyrus-imap-admin.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-19 03:28:47 UTC
Stable on ppc.
Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-19 08:53:22 UTC
Stable on hppa.
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-19 12:45:49 UTC
glsa drafted, security pls review
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-02-23 03:37:46 UTC
Stable on amd64.
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-23 09:35:40 UTC
GLSA 200502-29

thanks everyone