Recent security fixes

Florian Weimer fweimer at redhat.com
Mon Oct 5 05:09:24 EDT 2015


Hi,

Martin Prpic pointed out that you apparently fixed a security issue:

<http://openwall.com/lists/oss-security/2015/09/29/2>

This is great, thanks.  I think this is the relevant commit:

<https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921>

However, I wonder if the fix is complete.  Could n turn negative
(possibly after truncation)?  Then the range checks seem incomplete.

I also saw some (otherwise unrelated) commits which might be
security-relevant:

<https://cyrus.foundation/cyrus-imapd/commit/?id=d81a712401418cc0bd1daa49ded8e5bcc4b69f21>
<https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0>
<https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b>

Could you comment on whether these fixes need to be tracked as fixes for
security vulnerabilities?

Thanks,
Florian


More information about the Cyrus-devel mailing list