[Bug 332025] [NEW] Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
Launchpad Bug Tracker
332025 at bugs.launchpad.net
Mon Mar 23 13:41:14 GMT 2009
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Martin Pitt (pitti):
Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
This package fixes the CVE-2008-5514 issue and is a bugfix only package.
No FFE needed.
Thx,
\sh
Changelog since current jaunty version 8:2007b~dfsg-1:
uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability because of rfc822_output_char() not
checking for a full buffer and writing one byte ahead the buffer, later
resulting in memcpy getting called with a possible size argument of -1
(0003_CVE-2008-5514.patch; Closes: #510918)
-- Nico Golde <nion at debian.org> Thu, 15 Jan 2009 19:00:01 +0100
** Affects: uw-imap (Ubuntu)
Importance: Undecided
Status: New
** Affects: uw-imap (Debian)
Importance: Unknown
Status: Unknown
--
Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
https://bugs.edge.launchpad.net/bugs/332025
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list