Re: Security advisory: uw-imap - 3 attachments

2005-10-14 Thread Eric Blake

According to Christian Weinberger on 10/14/2005 12:26 AM:
> I could not post to the cygwin applications list via gmane, so I reply
> to the main list. Apologies if this is not the way it should be done.

I don't know why cygwin-apps is registered as a one-way only list on
gmane, but I have also found it is annoying that you can't post there
through gmane.  It would take permission from the list owner for gmane to
change the policy on their mirroring of the list (at least gmane still
respects the subscriber-only posting rules).  However, gmane also has the
annoying property of not allowing file attachments, so you really should
be using a proper email client and not gmane when trying to send attachments.

As for your comments about cygwin applications, they really do belong on
cygwin-apps; I've changed the reply-to accordingly.  Also, attachments are
better received if they are MIME attachments, not uuencoded inline; and
with a text MIME type if they really are text based (the number of mail
clients out there that blindly assume every attachment should be marked
application/octet-stream is unfortunate).

> 
> I'd be glad to assist the maintainer in building a 2004g package for
> cygwin. 

There has been no response from the uw-imap maintainer, at least per
http://sources.redhat.com/ml/cygwin-apps/2005-10/msg00111.html.  If you
are volunteering to maintain it, you will need to respond directly on the
cygwin-apps list.

--
Life is short - so eat dessert first!

Eric Blake [EMAIL PROTECTED]

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/



Re: Security advisory: uw-imap - 3 attachments

2005-10-13 Thread Christian Weinberger
> uw-imap (whose maintainer, AFAICS, has yet to reply to
> Corinna's message) is vulnerable to remote overflow of a buffer in the
> IMAP server leading to execution of arbitrary code.
> 
> The only solution is to upgrade to 2004g (current Cygwin release is
> 2002e!). 

I built 2004g and it nearly builds ootb.

The only patch necessary is for CRAM-MD5 auth. This patch is well known
and has been used for the 2002e version also. All other patches that
have been necessary for 2002e have already been integrated in the 2004g
release. 

I could not post to the cygwin applications list via gmane, so I reply
to the main list. Apologies if this is not the way it should be done.

I'd be glad to assist the maintainer in building a 2004g package for
cygwin. 

I'm facing two minor issues:
- the first is described here in detail:
  http://www.cygwin.com/ml/cygwin/2004-11/msg01137.html
  it has always been there for me (even with the 2002e package), so I
  don't think it is a new problem
- second, when I use dmail from .procmailrc, it causes a stackdump
  at the end of the delivery process. But all logs are written fine and
  all mail gets delivered, so it is more a cosmetic thing (IMHO)

Attached you find 3 patches:
1) imap-2004c1.cram-md5-auth.patch
It is necessary for cram-md5 to work.

2) imap-2004c1.mbx-by-default.patch (optional)
Local mailboxes are created in MBX format by default, which allows
simultaneous rw access by multiple sessions. New mail has to be spooled
to a mbox format mailbox in /var/spool/mail/, but is transferred to
~/Mail/INBOX by UW-IMAP immediately. 

3) imap-2004c1.mailsubdir-Mail.patch (optional)
Mail is stored in the user's ~/Mail folder.

The last two patches make uw-imap more compliant with modern UNIX
standards and more capable. These are not real patches, but
configuration options for uw-imap. If you migrate from an older version
of uw-imap that has been configured differently, you have to move the
mailbox files to the new folder locations.



Regards,
Christian

