[bug-notifications] [cyrus_imapd 0003898]: SIEVE vulnerability

Mantis Bug Tracker noreply at opencsw.org
Mon Nov 2 22:39:23 CET 2009


The following issue has been RESOLVED. 
====================================================================== 
http://www.opencsw.org/mantis/view.php?id=3898 
====================================================================== 
Reported By:                jeanclaudeben
Assigned To:                yann
====================================================================== 
Project:                    cyrus_imapd
Issue ID:                   3898
Category:                   packaging
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     resolved
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-09-15 11:04 CEST
Last Modified:              2009-11-02 22:39 CET
====================================================================== 
Summary:                    SIEVE vulnerability
Description: 
Hi


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to
execute arbitrary code and read or modify arbitrary messages via a crafted
SIEVE script, related to the incorrect use of the sizeof operator for
determining buffer length, combined with an integer signedness error. 


Is it possible to package the updated version : 2.3.15 ?



====================================================================== 

---------------------------------------------------------------------- 
 (0006938) yann (manager) - 2009-11-02 22:39
 http://www.opencsw.org/mantis/view.php?id=3898#c6938 
---------------------------------------------------------------------- 
cyrus_imapd-2.3.15,REV=2009.11.01 hit the mirrors, I am closing this bug




More information about the bug-notifications mailing list