OpenCSW Bug Tracker


Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0003898 [cyrus_imapd] packaging major always 2009-09-15 11:04 2009-11-22 12:51
Reporter jeanclaudeben View Status public  
Assigned To yann
Priority normal Resolution fixed  
Status closed  
Summary 0003898: SIEVE vulnerability
Description Hi


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632 [^]

Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.


Is it possible to package the updated version : 2.3.15 ?


Additional Information
Tags No tags attached.
Attached Files

- Relationships

-  Notes
(0006840)
yann (manager)
2009-10-11 22:07

I am working on it but I need the berkeleydb situation to be sorted out to be able to compile a package with berkeleydb 4.2.52.
The fixed berkeleydb package are now in testing so they should soon hit the build machines.
(0006930)
yann (manager)
2009-11-01 02:38

I just uploaded cyrus_imapd-2.3.15,REV=2009.11.01 in unstable.
It should hit the mirror soon.
(0006938)
yann (manager)
2009-11-02 22:39

cyrus_imapd-2.3.15,REV=2009.11.01 hit the mirrors, I am closing this bug

- Issue History
Date Modified Username Field Change
2009-09-15 11:04 jeanclaudeben New Issue
2009-10-11 22:07 yann Note Added: 0006840
2009-10-11 22:07 yann Assigned To => yann
2009-10-11 22:07 yann Status new => acknowledged
2009-11-01 02:38 yann Note Added: 0006930
2009-11-02 22:39 yann Note Added: 0006938
2009-11-02 22:39 yann Status acknowledged => resolved
2009-11-02 22:39 yann Resolution open => fixed
2009-11-22 12:51 yann Status resolved => closed


Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker