[bug-notifications] [cyrus_imapd 0003898]: SIEVE vulnerability
Mantis Bug Tracker
noreply at opencsw.org
Sun Nov 1 02:38:14 CET 2009
A NOTE has been added to this issue.
======================================================================
http://www.opencsw.org/mantis/view.php?id=3898
======================================================================
Reported By: jeanclaudeben
Assigned To: yann
======================================================================
Project: cyrus_imapd
Issue ID: 3898
Category: packaging
Reproducibility: always
Severity: major
Priority: normal
Status: acknowledged
======================================================================
Date Submitted: 2009-09-15 11:04 CEST
Last Modified: 2009-11-01 02:38 CET
======================================================================
Summary: SIEVE vulnerability
Description:
Hi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to
execute arbitrary code and read or modify arbitrary messages via a crafted
SIEVE script, related to the incorrect use of the sizeof operator for
determining buffer length, combined with an integer signedness error.
Is it possible to package the updated version : 2.3.15 ?
======================================================================
----------------------------------------------------------------------
(0006930) yann (manager) - 2009-11-01 02:38
http://www.opencsw.org/mantis/view.php?id=3898#c6930
----------------------------------------------------------------------
I just uploaded cyrus_imapd-2.3.15,REV=2009.11.01 in unstable.
It should hit the mirror soon.
More information about the bug-notifications
mailing list