A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox. http://www.kb.cert.org/vuls/id/702777
2004c is in portage, just needing to be marked stable. Arches: please test and mark stable
Stable on ppc.
Stable on sparc.
stable on amd64
Stable on alpha.
Waiting for x86 testing. Voting for GLSA: I vote YES, this is nasty.
I vote for a GLSA on this one as well.
ticho: if you tested it please mark stable for x86, we need it to issue the GLSA
sorry for the delay, x86 is there ...
tester already marked this stable on x86 (with an invalid changelog entry, I might add). I can confirm that the proble is indeed gone. Is there any reason not to CC net-mail when a net-mail security bug pops up? I didn't even know about this vulnerability until now.
ticho: the fixed package was already there so we just asked for stable markings. We should have cc-d you anyway, you're right.
GLSA 200502-02
Already stable on hppa