I am not sure about the security impact of this one. pass it to you guy for audit. Thanks, Tuan
one could argue about the security impact, but this could be interpreted as some kind of DoS due to disk consumption. net-mail, please apply the patch from the upstream bug and bump the ebuild, thx.
patch applied in cyrus-imapd-2.2.12-r5 . Security, now back to you. thanks, Tuan
(In reply to comment #2) > patch applied in cyrus-imapd-2.2.12-r5 . Security, now back to you. > um, the patch attached to upstream bug isn't complete. I put cyrus-imapd-2.2.12-r5 in package.mask for now. Will wait for upstream response to that bug.
any news on this one?
net-mail any news on this one?
(In reply to comment #3) > (In reply to comment #2) > > patch applied in cyrus-imapd-2.2.12-r5 . Security, now back to you. > > > um, the patch attached to upstream bug isn't complete. I put > cyrus-imapd-2.2.12-r5 in package.mask for now. Will wait for upstream response > to that bug. > The last attachment on that bug (https://bugzilla.andrew.cmu.edu/attachment.cgi?id=456&action=view) appears to apply cleanly and also works for me.
Installed here, compiled cleanly and seems to work properly. At least it removed our quota problem.
net-mail please advise regarding https://bugzilla.andrew.cmu.edu/attachment.cgi?id=456&action=view , thanks
"Opened: 2006-08-04 10:04 -0800" net-mail???
net-mail, any news here?
(In reply to comment #6) > The last attachment on that bug > (https://bugzilla.andrew.cmu.edu/attachment.cgi?id=456&action=view) appears to > apply cleanly and also works for me. I'll commit 2.2.12-r6 which includes this patch soon.
Created attachment 125626 [details, diff] 2.2.12-2.2.13-64bit-quotas.diff Changes in attached diff are necessary to get this patch to apply and compile w/ 2.2.13 - can someone from security please verify that the patch for 2.2.13 is still correct?
(In reply to comment #12) > Created an attachment (id=125626) [edit] > 2.2.12-2.2.13-64bit-quotas.diff > > Changes in attached diff are necessary to get this patch to apply and compile > w/ 2.2.13 - can someone from security please verify that the patch for 2.2.13 > is still correct? > What needs to be checked exactly?
(In reply to comment #13) > (In reply to comment #12) > > Created an attachment (id=125626) [edit] > > 2.2.12-2.2.13-64bit-quotas.diff > > > > Changes in attached diff are necessary to get this patch to apply and compile > > w/ 2.2.13 - can someone from security please verify that the patch for 2.2.13 > > is still correct? > > > > What needs to be checked exactly? > *ping*
Besides the mentioned patch this is also fixed in upstream Cyrus-2.3, once we have 2.3 stable (2.3.9-r1 is a candidate for stabilization in early January per bug #201684) this bug can also be considered fixed then.
I believe you refer to this changelog entry? "Support 64-bit quota usage (both per mailbox and for the entire quotaroot), based on a patch from Jeremy Rumpf. Development sponsored by FastMail." If that is the case, we have a vote here. It's a NO for me.
no too, and closing.