[Bug 332025] [NEW] Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
Stephan Hermann
sh at sourcecode.de
Fri Feb 20 12:23:42 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
This package fixes the CVE-2008-5514 issue and is a bugfix only package.
No FFE needed.
Thx,
\sh
Changelog since current jaunty version 8:2007b~dfsg-1:
uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability because of rfc822_output_char() not
checking for a full buffer and writing one byte ahead the buffer, later
resulting in memcpy getting called with a possible size argument of -1
(0003_CVE-2008-5514.patch; Closes: #510918)
-- Nico Golde <nion at debian.org> Thu, 15 Jan 2009 19:00:01 +0100
** Affects: uw-imap (Ubuntu)
Importance: Undecided
Status: New
** Affects: uw-imap (Debian)
Importance: Unknown
Status: Unknown
** This bug has been flagged as a security issue
** Bug watch added: Debian Bug tracker #510918
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510918
** Also affects: uw-imap (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510918
Importance: Unknown
Status: Unknown
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5514
--
Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/332025
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list