[bug-notifications] [cyrus_imapd 0003898]: SIEVE vulnerability
Mantis Bug Tracker
noreply at opencsw.org
Sun Nov 22 12:51:45 CET 2009
The following issue has been CLOSED
======================================================================
http://www.opencsw.org/bugtrack/view.php?id=3898
======================================================================
Reported By: jeanclaudeben
Assigned To: yann
======================================================================
Project: cyrus_imapd
Issue ID: 3898
Category: packaging
Reproducibility: always
Severity: major
Priority: normal
Status: closed
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2009-09-15 11:04 CEST
Last Modified: 2009-11-22 12:51 CET
======================================================================
Summary: SIEVE vulnerability
Description:
Hi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to
execute arbitrary code and read or modify arbitrary messages via a crafted
SIEVE script, related to the incorrect use of the sizeof operator for
determining buffer length, combined with an integer signedness error.
Is it possible to package the updated version : 2.3.15 ?
======================================================================
----------------------------------------------------------------------
(0006938) yann (manager) - 2009-11-02 22:39
http://www.opencsw.org/bugtrack/view.php?id=3898#c6938
----------------------------------------------------------------------
cyrus_imapd-2.3.15,REV=2009.11.01 hit the mirrors, I am closing this bug
More information about the bug-notifications
mailing list