In Ubuntu, the php imap plugin is in a separate php-imap source package.
Although USN-628-1 says CVE-2008-2829 was fixed, it was a mistake. The
actual binary isn't built from the php5 source package.
CVE-2008-2829 needs to be fixed in the php-imap source package that's in
universe.
** Package
The problem still exists with latest ubuntu php upgrade
r...@posta1:~# grep php /var/log/syslog | grep crash
Nov 27 19:42:35 posta1 php5-cgi: IMAP toolkit crash: rfc822.c legacy routine
buffer overflow
Nov 27 19:44:11 posta1 php5-cgi: IMAP toolkit crash: rfc822.c legacy routine
buffer overflow
Jamie, mind having a look at this?
** Package changed: ubuntu = php5 (Ubuntu)
** Changed in: php5 (Ubuntu)
Importance: Undecided = High
** Changed in: php5 (Ubuntu)
Status: New = Confirmed
** This bug has been flagged as a security vulnerability
--
php5-cgi: IMAP toolkit crash