Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to the Perdition IMAP server incorrectly checking for malicious format string specifiers contained within IMAP requests. This can be exploited to bypass the format string check by inserting a zero byte in an IMAP request. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 1.17.1. Solution: Update to version 1.17.1.
Net-mail, please advise or create an updated ebuild.
Net-mail, please advise.
Net-mail, ferdy usually took care of this ebuild, but is away at the moment. Can you please do this ebuild bump?
(In reply to comment #3) > Net-mail, ferdy usually took care of this ebuild, but is away at the moment. > > Can you please do this ebuild bump? > *ping*
net-mail, I committed net-mail/perdition-1.17.1 as a non-maintainer bump since there was no movement on this bug for > 2 months. Hope you don't mind.
