*** This bug is a security vulnerability *** Public security bug reported:
Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main). This package fixes the CVE-2008-5514 issue and is a bugfix only package. No FFE needed. Thx, \sh Changelog since current jaunty version 8:2007b~dfsg-1: uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix denial of service vulnerability because of rfc822_output_char() not checking for a full buffer and writing one byte ahead the buffer, later resulting in memcpy getting called with a possible size argument of -1 (0003_CVE-2008-5514.patch; Closes: #510918) -- Nico Golde <n...@debian.org> Thu, 15 Jan 2009 19:00:01 +0100 ** Affects: uw-imap (Ubuntu) Importance: Undecided Status: New ** Affects: uw-imap (Debian) Importance: Unknown Status: Unknown ** This bug has been flagged as a security issue ** Bug watch added: Debian Bug tracker #510918 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510918 ** Also affects: uw-imap (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510918 Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5514 -- Please sync uw-imap 8:2007b~dfsg-1.1 (universe) from Debian unstable (main). https://bugs.launchpad.net/bugs/332025 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list universe-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/universe-bugs