perdition (1.17-7ubuntu0.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: The format string protection
mechanism in IMAPD for Perdition Mail Retrieval
Proxy 1.17 and earlier allows remote attackers to
execute arbitrary code via an IMAP tag with a null
byte followed by a format string specifier,
which is not counted by the mechanism.
* perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
(See:
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
* References:
CVE-2007-5740
https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
-- Stephan Hermann <[EMAIL PROTECTED]> Wed, 14 Nov 2007 13:44:43 +0100
** Changed in: perdition (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: perdition (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
CVE-2007-5740: format string vulnerability
https://bugs.launchpad.net/bugs/162543
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
