[bug-notifications] [cyrus_imapd 0003898]: SIEVE vulnerability

Mantis Bug Tracker noreply at opencsw.org
Sun Nov 1 02:38:14 CET 2009


A NOTE has been added to this issue. 
====================================================================== 
http://www.opencsw.org/mantis/view.php?id=3898 
====================================================================== 
Reported By:                jeanclaudeben
Assigned To:                yann
====================================================================== 
Project:                    cyrus_imapd
Issue ID:                   3898
Category:                   packaging
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     acknowledged
====================================================================== 
Date Submitted:             2009-09-15 11:04 CEST
Last Modified:              2009-11-01 02:38 CET
====================================================================== 
Summary:                    SIEVE vulnerability
Description: 
Hi


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to
execute arbitrary code and read or modify arbitrary messages via a crafted
SIEVE script, related to the incorrect use of the sizeof operator for
determining buffer length, combined with an integer signedness error. 


Is it possible to package the updated version : 2.3.15 ?



====================================================================== 

---------------------------------------------------------------------- 
 (0006930) yann (manager) - 2009-11-01 02:38
 http://www.opencsw.org/mantis/view.php?id=3898#c6930 
---------------------------------------------------------------------- 
I just uploaded cyrus_imapd-2.3.15,REV=2009.11.01 in unstable.
It should hit the mirror soon.




More information about the bug-notifications mailing list