Since PHP statically links in c-client with USE=imap or USE=kolab, we need to force a rebuild (preferably against a clean version of c-client) onto users. PHP herd, what do you think?

+++ This bug was initially created as a clone of Bug #252567 +++

From redhat:
"Ludwig Nussel reported a flaw in libc-client / uw-imap: The rfc822_output_char() function in the uw-imap c-client library does not check whether the buffer is already full and may therefore write one byte too much. This leads to a segfault in rfc822_output_data() later due to memcpy with size -1.

Issue was fixed in imap-2007e:

Updated: 16 December 2008
imap-2007e is a maintenance release, consisting primarily of bugfixes to problems discovered in the release that affected a small number of users plus a security fix for users of the RFC822BUFFER routines."
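
The off-by-one described in the quoted report, shown as an added example; it is a simplified model and not c-client's code or part of the original report. `struct outbuf`, `put_char_unchecked`, `put_char_checked` and the 8-byte capacity are hypothetical names and values chosen for illustration, and the buffer carries a guard byte so the model itself never writes out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define CAP 8  /* constructed buffer size */

/* Hypothetical stand-in for an output buffer; not c-client's RFC822BUFFER. */
struct outbuf {
    char data[CAP + 1];  /* one guard byte keeps this model itself in bounds */
    long cur;            /* next write index */
    long end;            /* one past the last usable byte */
    long flushed;        /* bytes handed to the sink so far */
};

static void ob_flush(struct outbuf *b) { b->flushed += b->cur; b->cur = 0; }

/* Flawed pattern: stores first, never asks whether cur already equals end. */
static void put_char_unchecked(struct outbuf *b, char c) {
    b->data[b->cur++] = c;              /* cur == end: lands in the guard byte */
    if (b->cur == b->end) ob_flush(b);  /* cur is now end + 1, so no flush */
}

/* Corrected pattern: make room before storing, then flush if full again. */
static void put_char_checked(struct outbuf *b, char c) {
    if (b->cur == b->end) ob_flush(b);
    b->data[b->cur++] = c;
    if (b->cur == b->end) ob_flush(b);
}

/* One put on an already-full buffer. Returns the room a later bulk copy
   would compute (end - cur); *guard reports the byte past the buffer. */
static long room_after_put_on_full(int checked, char *guard) {
    struct outbuf b;
    memset(&b, 0, sizeof b);
    b.end = CAP;
    memset(b.data, 'A', CAP);
    b.cur = b.end;                      /* constructed precondition: full */
    if (checked) put_char_checked(&b, 'x');
    else         put_char_unchecked(&b, 'x');
    *guard = b.data[CAP];
    return b.end - b.cur;
}

int main(void) {
    char g;
    long room = room_after_put_on_full(0, &g);
    printf("unchecked: room=%ld guard=%d size_t=%zu\n", room, g, (size_t)room);
    room = room_after_put_on_full(1, &g);
    printf("checked:   room=%ld guard=%d\n", room, g);
    return 0;
}
```

The unchecked variant leaves a remaining-space value of -1, which is the length a later bulk copy would pass to memcpy; converted to `size_t` it becomes the maximum value, matching the crash the report describes.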
ping
ping, bug 260115 might also affect php.
Several security bugs have been reported since then; this means newer php versions have been stabled. No danger for our users, but the problem itself should probably be fixed. For progress on that, see bug 255120. Leaving open for possible inclusion in a GLSA.
GLSA 201001-03. Thank you everyone, sorry about the delay.