Your message dated Thu, 02 Sep 2021 04:48:26 +0000
with message-id <[email protected]>
and subject line Bug#993433: fixed in cyrus-imapd 3.4.2-1
has caused the Debian Bug report #993433,
regarding cyrus-imapd: CVE-2021-33582
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
993433: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993433
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cyrus-imapd
Version: 3.4.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for cyrus-imapd.
CVE-2021-33582[0]:
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of
| service (multiple-minute daemon hang) via input that is mishandled
| during hash-table interaction. Because there are many insertions into
| a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8,
| and 3.0.16.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582
[1]
https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.4.2-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated cyrus-imapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 Sep 2021 06:17:52 +0200
Source: cyrus-imapd
Architecture: source
Version: 3.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 993433
Changes:
cyrus-imapd (3.4.2-1) unstable; urgency=medium
.
[ lintian-brush ]
* Avoid explicitly specifying -Wl,--as-needed linker flag.
.
[ Yadd ]
* New upstream version 3.4.2 (Closes: #993433, CVE-2021-33582)
* Declare compliance with policy 4.6.0
* Refresh patches
Checksums-Sha1:
5afda20c19e70110e7c0d7e808d1713466f2c987 5448 cyrus-imapd_3.4.2-1.dsc
adc8ada1e517c8221e087ff5e132ad913f3f8580 12603768 cyrus-imapd_3.4.2.orig.tar.gz
b158ee803b977bcdea8f38f2df735bb7d907920b 488 cyrus-imapd_3.4.2.orig.tar.gz.asc
42f127b516309d80f3c97b733e987a381b81c97c 83212
cyrus-imapd_3.4.2-1.debian.tar.xz
Checksums-Sha256:
d6caa28c8f5375d9d3aa552d88284e017727335d467739f677671ab1a38e8e17 5448
cyrus-imapd_3.4.2-1.dsc
08b225b5be70a1a2b054169ab09d8a4977524e4681fe0fd9a6a4f843496152c5 12603768
cyrus-imapd_3.4.2.orig.tar.gz
3c5b1bd42ff8107420a5e16ac4dce27486ff52a74b6132845ac325ceaa91df8f 488
cyrus-imapd_3.4.2.orig.tar.gz.asc
3831531eaa8480d77ba0ec2d4a27578313b5ae120a38b4b5167893f4853f987d 83212
cyrus-imapd_3.4.2-1.debian.tar.xz
Files:
8f75f1844f244da75e12fc1d486d1411 5448 mail optional cyrus-imapd_3.4.2-1.dsc
6cd03b686013d6a911ec25573273e684 12603768 mail optional
cyrus-imapd_3.4.2.orig.tar.gz
6832f37ca07f06af2aeed189458553e3 488 mail optional
cyrus-imapd_3.4.2.orig.tar.gz.asc
7a9ac0086308d7b30930edceb6ae4ffc 83212 mail optional
cyrus-imapd_3.4.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmEwU54ACgkQ9tdMp8mZ
7unrjw/8CCCC7KvKGTxPlH8ejjnHJ/5ByJDssFqjecQRqCFqAOz2zYIOgSwncM1B
vDWivdUfbWHDXulTZkpXQGjJcPjUSxRy3DAbAmmK7vf15BIEeA69cr2e3o9ikpyU
kapjdyI47km2A4THWhwVFQFz5FMZ4dXgVCxu9po0F7kOL750PbKylWR40KHaII3h
1dTM7bE/lSw3OCwmwDsXKerJH4v9VHXDU6v0+92lNi2W8TUPHLLC5+lHzRDeuUYi
E+toyi6yb9AV1gFGJs4XxudczuZuv33uFp7dn0jT9IToic4lnfTlQOcAb0ktjNCS
STkEf/wv8r5uiacIOKg18vPtiL9kgSOFg6mBw/pHbJYQNV165UqkySykBvW9O9Dg
G49BOAKPZT9QFfINFK8LH64o3HZxmUOcuhjnt54JsxSNCcvPa9b+noZplI6wKIEu
kAlw61FUSwYfi0vNjX5e72yzPP3io3YuipOkRUI+k+aMStwJXaId0m2YABoRf7kA
NkddGqM2Y9q42qIja3EwqtJCZkN+oNGWXgO141mqgBr7oofExYubMtx2r9zJ9KTP
fP5dI7RqAV0lL365VtdMEIZ15nZbyOKR8wgttWadwZZDlKGDhlwD9NL/kcT9mPBG
VrREE8zDBVfyZLZ5Er0+s4p79dGlr5b9UmVaW82pXA/nGwxIxW8=
=AF8Y
-----END PGP SIGNATURE-----
--- End Message ---
