OpenCSW Bug Tracker

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0003898 [cyrus_imapd] packaging major always 2009-09-15 11:04 2009-11-22 12:51
Reporter jeanclaudeben View Status public  
Assigned To yann
Priority normal Resolution fixed  
Status closed  
Summary 0003898: SIEVE vulnerability
Description Hi [^]

Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

Is it possible to package the updated version : 2.3.15 ?

Additional Information
Tags No tags attached.
Attached Files

- Relationships

-  Notes
yann (manager)
2009-10-11 22:07

I am working on it but I need the berkeleydb situation to be sorted out to be able to compile a package with berkeleydb 4.2.52.
The fixed berkeleydb package are now in testing so they should soon hit the build machines.
yann (manager)
2009-11-01 02:38

I just uploaded cyrus_imapd-2.3.15,REV=2009.11.01 in unstable.
It should hit the mirror soon.
yann (manager)
2009-11-02 22:39

cyrus_imapd-2.3.15,REV=2009.11.01 hit the mirrors, I am closing this bug

Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker