[bug-notifications] [cyrus_imapd 0003898]: SIEVE vulnerability
Mantis Bug Tracker
noreply at opencsw.org
Tue Sep 15 11:04:05 CEST 2009
The following issue has been SUBMITTED.
======================================================================
http://www.opencsw.org/bugtrack/view.php?id=3898
======================================================================
Reported By: jeanclaudeben
Assigned To:
======================================================================
Project: cyrus_imapd
Issue ID: 3898
Category: packaging
Reproducibility: always
Severity: major
Priority: normal
Status: new
======================================================================
Date Submitted: 2009-09-15 11:04 CEST
Last Modified: 2009-09-15 11:04 CEST
======================================================================
Summary: SIEVE vulnerability
Description:
Hi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to
execute arbitrary code and read or modify arbitrary messages via a crafted
SIEVE script, related to the incorrect use of the sizeof operator for
determining buffer length, combined with an integer signedness error.
Is it possible to package the updated version : 2.3.15 ?
======================================================================
More information about the bug-notifications
mailing list