Comment 1 Stratos Psomadakis (RETIRED) 2009-05-09 13:15:57 UTC

QmailAdmin is prone to several Integer Overflows due that
numeric types of more range are needed to store user's quota nowadays(quota over 2GB).

Created attachment 197747 [details, diff]
This patch preempts some potential integer overruns.

This patch doesn't fix the integer overrun mentioned in the advisory, but it's a start. Integer conversions now correctly detect and deal with some potential integer overruns in two functions.

Comment 3 Robin Johnson 2011-01-26 01:49:42 UTC

I have merged your patch to 1.2.15 now.

Comment 4 Tim Sammut (RETIRED) 2011-01-26 04:10:20 UTC

(In reply to comment #3)
> I have merged your patch to 1.2.15 now.
> 

Thank you.

Arches, please test and mark stable:
=net-mail/qmailadmin-1.2.15
Target keywords : "amd64 arm hppa ppc s390 sh sparc x86"

Comment 5 Kacper Kowalik (Xarthisius) (RETIRED) 2011-01-26 09:07:48 UTC

ppc stable

Comment 6 Markos Chandras (RETIRED) 2011-01-26 13:51:54 UTC

amd64 done

Comment 7 Christian Faulhammer (RETIRED) 2011-01-26 19:52:05 UTC

x86 stable

Comment 8 Markus Meier 2011-02-05 18:06:39 UTC

arm stable

Comment 9 Raúl Porcel (RETIRED) 2011-02-12 17:52:38 UTC

s390/sh/sparc stable

Comment 10 Jeroen Roovers (RETIRED) 2011-03-08 22:51:53 UTC

I don't see what's holding up people at bug #353073.

Comment 11 Jeroen Roovers (RETIRED) 2011-05-24 15:32:35 UTC

There's going to be a point where this situation is untenable.

Comment 12 Jeroen Roovers (RETIRED) 2012-06-18 23:25:43 UTC

Stable HPPA keywords dropped.

Comment 13 Agostino Sarubbo 2012-06-19 08:32:59 UTC

@security: go ahead with the vote.

Comment 14 Tim Sammut (RETIRED) 2012-06-19 11:47:51 UTC

Thanks, folks. This looks like a DoS only to me, but I could be wrong. GLSA Vote: no.

Comment 15 Sean Amoss (RETIRED) 2012-07-10 22:22:04 UTC

Agreed, appears to be a DoS only.

GLSA vote: no.

Change noglsa.