Cyrus IMAPd 2.2.13p1 & 2.3.15 Released
thomas.jarosch at intra2net.com
Tue Sep 15 07:59:07 EDT 2009
On Wednesday, 9. September 2009 18:43:43 Dave McMurtrie wrote:
> > TJ> Regarding the buffer overflow: The cert website currently outputs a
> > TJ> "Lotus Notes exception". Is the overflow theoretically exploitable
> > TJ> via a malicious email or does a user need to upload a malicious
> > TJ> sieve script?
> > Hmmm... Still down...
> Apologies for the CERT vulnerability link not existing.
> We had planned, along with CERT, to make a coordinated announcement
> about this tomorrow in order to give the major Cyrus vendors a chance to
> get their distributions patched.
> Unfortunately, Debian put out their DSA over the weekend so we didn't
> want to wait until tomorrow to put out our announcement. CERT provided
> that URL for us, but since they haven't yet formally released this
> vulnerability the URL isn't active yet.
Thanks for clearing this up!
I'm very happy this is not triggerable via a malicious email :)