OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 30-Mar-2005 16:36:48
Branch: HEAD Handle: 2005033015364800
Modified files:
openpkg-web/security OpenPKG-SA-2005.005-imapd.txt
Log:
update SA with CAN number (finally released by CVE a couple weeks ago), and
renumber links
Summary:
Revision Changes Path
1.3 +16 -13 openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2005.005-imapd.txt
--- openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt 7 Mar 2005
10:59:22 -0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt 30 Mar 2005
14:36:48 -0000 1.3
@@ -3,7 +3,7 @@
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2005.005 07-Mar-2005
+OpenPKG-SA-2005.005 30-Mar-2005
________________________________________________________________________
Package: imapd
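Review bot: The header date is overwritten from 07-Mar-2005 to 30-Mar-2005, so the advisory no longer shows when it was first published and nothing marks this text as a revision of an already released advisory. Consider keeping the original issue date on the "OpenPKG-SA-2005.005" line and recording 30-Mar-2005 on a separate update line.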
@@ -28,19 +28,21 @@
the application is affected by multiple one byte buffer overflows
affecting the IMAP annotate extension and cached header handling
routines. Additionally, stack based overflows affecting the fetchnews,
- backend, and imapd logic exist as well.
+ backend, and imapd logic exist as well. The Common Vulnerabilities and
+ Exposures (CVE) project assigned the identifier CAN-2005-0546 [2] to
+ the problem.
Please check whether you are affected by running "<prefix>/bin/openpkg
rpm -q imapd". If you have the "imapd" package installed and its version
is affected (see above), we recommend that you immediately upgrade it
- (see Solution) and its dependent packages (see above) as well [2][3].
+ (see Solution) and its dependent packages (see above) as well [3][4].
Solution:
Select the updated source RPM appropriate for your OpenPKG release
- [4], fetch it from the OpenPKG FTP service [5] or a mirror
- location, verify its integrity [6], build a corresponding binary RPM
- from it [2] and update your OpenPKG installation by applying the
- binary RPM [3]. For the most recent release OpenPKG 2.2, perform the
+ [5], fetch it from the OpenPKG FTP service [6] or a mirror
+ location, verify its integrity [7], build a corresponding binary RPM
+ from it [8] and update your OpenPKG installation by applying the
+ binary RPM [9]. For the most recent release OpenPKG 2.2, perform the
following operations to permanently fix the security problem.
$ ftp ftp.openpkg.org
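Review bot: In the Solution paragraph the renumbered citations "from it [8]" and "binary RPM [9]" point at entries that do not exist, since the reference list in this patch ends at [7]. These were [2] and [3] before (the tutorial's regular-source and regular-binary links), which the same patch renumbers to [3] and [4] in the two "as well [3][4]" lines, so they should read "from it [3]" and "binary RPM [4]".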
@@ -54,17 +56,18 @@
# <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/imapd-2.2.8-2.2.2.*.rpm
Additionally, we recommend that you rebuild and reinstall
- all dependent packages (see above) as well [2][3].
+ all dependent packages (see above) as well [3][4].
________________________________________________________________________
References:
[0] http://asg.web.cmu.edu/cyrus/imapd/
[1]
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
- [2] http://www.openpkg.org/tutorial.html#regular-source
- [3] http://www.openpkg.org/tutorial.html#regular-binary
- [4] ftp://ftp.openpkg.org/release/2.2/UPD/imapd-2.2.8-2.2.2.src.rpm
- [5] ftp://ftp.openpkg.org/release/2.2/UPD/
- [6] http://www.openpkg.org/security.html#signature
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546
+ [3] http://www.openpkg.org/tutorial.html#regular-source
+ [4] http://www.openpkg.org/tutorial.html#regular-binary
+ [5] ftp://ftp.openpkg.org/release/2.2/UPD/imapd-2.2.8-2.2.2.src.rpm
+ [6] ftp://ftp.openpkg.org/release/2.2/UPD/
+ [7] http://www.openpkg.org/security.html#signature
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
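Review bot: The signed content changes here, but nothing in this revision updates signature data: the trailing context says the advisory was digitally signed, and the +16 -13 in the summary is fully accounted for by the visible text edits in the three hunks. If the signature is carried in this file over its content, re-sign the advisory after the edit, otherwise verification of the published text will fail.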
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]