From Helga.Mayer at uni-hohenheim.de  Mon Jun 16 07:28:45 2008
From: Helga.Mayer at uni-hohenheim.de (Helga Mayer)
Date: Mon, 16 Jun 2008 13:28:45 +0200 (CEST)
Subject: [imapproxy-info] Buffer Overflow
Message-ID: <alpine.SOC.0.99999.0806161320280.9456@localhost>

Hi,

On Monday 17 March 2008 17:57:47 Frederik Himpe wrote:
> > > On Mandriva's bugzilla we received this imapproxy bug:
> > > http://qa.mandriva.com/show_bug.cgi?id=37974
> > >
> > > Mandriva compiles imapproxy is compiled with buffer overflow 
protection,
> > > a feature which is also enabled in Fedora. Apparently this feature
> > > detects a buffer overflow in imapproxy.
> > >
> > > Any help in debugging this problem is appreciated.
> >
> > Hi,
> >
> > Could you test my patch in:
> > 
http://lists.andrew.cmu.edu/pipermail/imapproxy-info/2007-September/000662.
> > html if it fixes that problem.

> According to the reporter, this patch does not help...

We've got up-imapproxy-1.2.6, compiled from the sources.
It still had the above mentioned buffer overflow - no check for 
MAXUSERNAMELEN
Imapproxy died in the early monday morning.
The patch does help.
Will it be part of the next release ?

Regards
Helga Mayer


From dave64 at andrew.cmu.edu  Mon Jun 16 07:31:48 2008
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Mon, 16 Jun 2008 07:31:48 -0400
Subject: [imapproxy-info] Buffer Overflow
In-Reply-To: <alpine.SOC.0.99999.0806161320280.9456@localhost>
References: <alpine.SOC.0.99999.0806161320280.9456@localhost>
Message-ID: <48564F24.5010106@andrew.cmu.edu>

Helga Mayer wrote:
> Hi,
> 
> On Monday 17 March 2008 17:57:47 Frederik Himpe wrote:
>>>> On Mandriva's bugzilla we received this imapproxy bug:
>>>> http://qa.mandriva.com/show_bug.cgi?id=37974
>>>>
>>>> Mandriva compiles imapproxy is compiled with buffer overflow 
> protection,
>>>> a feature which is also enabled in Fedora. Apparently this feature
>>>> detects a buffer overflow in imapproxy.
>>>>
>>>> Any help in debugging this problem is appreciated.
>>> Hi,
>>>
>>> Could you test my patch in:
>>>
> http://lists.andrew.cmu.edu/pipermail/imapproxy-info/2007-September/000662.
>>> html if it fixes that problem.
> 
>> According to the reporter, this patch does not help...
> 
> We've got up-imapproxy-1.2.6, compiled from the sources.
> It still had the above mentioned buffer overflow - no check for 
> MAXUSERNAMELEN
> Imapproxy died in the early monday morning.
> The patch does help.
> Will it be part of the next release ?

There will be a fix for this in the next release.

Thanks,

Dave

From sam7382000 at yahoo.com  Tue Jun 24 02:17:14 2008
From: sam7382000 at yahoo.com (sami ali)
Date: Mon, 23 Jun 2008 23:17:14 -0700 (PDT)
Subject: [imapproxy-info] (no subject)
Message-ID: <132441.31756.qm@web32703.mail.mud.yahoo.com>