Mantis - cyrus_imapd
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
3898 | packaging | major | always | 2009-09-15 11:04 | 2009-11-22 12:51 |
|
|||||
Reporter: | jeanclaudeben | Platform: | |||
Assigned To: | yann | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | |||
Product Build: | Resolution: | fixed | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | |||
|
|||||
Summary: | 0003898: SIEVE vulnerability | ||||
Description: |
Hi http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632 [^] Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. Is it possible to package the updated version : 2.3.15 ? |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: | |||||
|
|||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2009-09-15 11:04 | jeanclaudeben | New Issue | |||
2009-10-11 22:07 | yann | Note Added: 0006840 | |||
2009-10-11 22:07 | yann | Assigned To | => yann | ||
2009-10-11 22:07 | yann | Status | new => acknowledged | ||
2009-11-01 02:38 | yann | Note Added: 0006930 | |||
2009-11-02 22:39 | yann | Note Added: 0006938 | |||
2009-11-02 22:39 | yann | Status | acknowledged => resolved | ||
2009-11-02 22:39 | yann | Resolution | open => fixed | ||
2009-11-22 12:51 | yann | Status | resolved => closed |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|