Mantis - cyrus_imapd
Viewing Issue Advanced Details
3898 packaging major always 2009-09-15 11:04 2009-11-22 12:51
jeanclaudeben  
yann  
normal  
closed  
fixed  
none    
none  
0003898: SIEVE vulnerability
Hi


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.


Is it possible to package the updated version: 2.3.15?


Issue History
2009-09-15 11:04 jeanclaudeben New Issue
2009-10-11 22:07 yann Note Added: 0006840
2009-10-11 22:07 yann Assigned To => yann
2009-10-11 22:07 yann Status new => acknowledged
2009-11-01 02:38 yann Note Added: 0006930
2009-11-02 22:39 yann Note Added: 0006938
2009-11-02 22:39 yann Status acknowledged => resolved
2009-11-02 22:39 yann Resolution open => fixed
2009-11-22 12:51 yann Status resolved => closed

Notes
(0006840)
yann   
2009-10-11 22:07   
I am working on it, but I need the berkeleydb situation to be sorted out to be able to compile a package with berkeleydb 4.2.52.
The fixed berkeleydb packages are now in testing, so they should soon hit the build machines.
(0006930)
yann   
2009-11-01 02:38   
I just uploaded cyrus_imapd-2.3.15,REV=2009.11.01 in unstable.
It should hit the mirror soon.
(0006938)
yann   
2009-11-02 22:39   
cyrus_imapd-2.3.15,REV=2009.11.01 hit the mirrors; I am closing this bug.