Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 82404 - net-mail/cyrus-imapd New version fix security issues
Summary: net-mail/cyrus-imapd New version fix security issues
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa] vorlon
Depends on:
Reported: 2005-02-17 14:21 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-02-23 09:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-17 14:21:22 UTC
2.2.10 is latest stable on some arches.
Changes to the Cyrus IMAP Server since 2.2.10

      * Fix possible single byte overflow in mailbox handling code. 
      * Fix possible single byte overflows in the imapd annotate extension. 
      * Fix stack buffer overflows in fetchnews (exploitable by peer news
        server), backend (exploitable by admin), and in imapd (exploitable
        by users though only on platforms where a filename may be larger
        than a mailbox name).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-17 14:23:21 UTC
We already have 2.2.12 in the tree. 

Arches please test and mark stable.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2005-02-17 14:42:56 UTC
this pulls in mailbase-0.00-r8, is that wanted ?
Comment 3 Andrej Kacian (RETIRED) gentoo-dev 2005-02-17 15:09:11 UTC
Yes, it is. mailbase-0.00-r8 installs common /etc/pam.d/ files for imap and pop3.
Comment 4 Olivier Crete (RETIRED) gentoo-dev 2005-02-17 20:57:14 UTC
x86 there
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-02-18 05:05:51 UTC
Shouldn't dev-libs/cyrus-imap-dev and net-mail/cyrus-imap-admin be bumped to 2.2.12 too at least for consistency?
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2005-02-18 05:18:49 UTC
btw, sparc stable :)
Comment 7 Tomasz Orzechowski 2005-02-18 05:35:56 UTC
if dev-libs/cyrus-imap-dev gets bumped to keep versions in sync so should net-mail/cyrus-imap-admin
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-19 03:28:47 UTC
Stable on ppc.
Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-19 08:53:22 UTC
Stable on hppa.
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-19 12:45:49 UTC
glsa drafted, security pls review
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-02-23 03:37:46 UTC
Stable on amd64.
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-23 09:35:40 UTC
GLSA 200502-29

thanks everyone