| Summary: | net-mail/mailutils various vulnerabilities (format string, DoS, buffer overflow...) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Cornelius (RETIRED) <dercorny> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | blocker | CC: | net-mail+disabled |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Other | | |
| Whiteboard: | B0 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Cornelius (RETIRED)
2005-05-26 02:51:24 UTC
net-mail: Please bump to 0.6.90 which fixes these issues.

Looks like remote root to me in default config, so we are kinda in a hurry now. ferdy is looking if the 0.6.90 is not too-much-of-an-alpha version.

Backported the patches to 0.6, committed as 0.6-r1. Had to drop ~alpha keyword. Cheers, Ferdy

alpha: could you have a look on what it doesn't compile? Given the impact, we might release the GLSA today so if it can meet ~alpha in the meantime, all the better...

Got the go-ahead from kloeri, this is ready for GLSA

Thanks everyone, GLSA 200505-20 is out

ferdy, I'm the Debian maintainer. Have a look at http://svn.debian.org/wsvn/pkg-mailutils/trunk/debian/patches/04_imap4d_ulong_max.patch?op=file&rev=0&sc=0 for a patch for 64 bit architectures. Basically, you'd have to add that to your backport (I'm assuming you dropped alpha because it fails to run the testsuite successfully). Contact me at jordi@debian.org if you need more.