Your message dated Sat, 02 Oct 2021 11:02:07 +0000
with message-id <[email protected]>
and subject line Bug#993433: fixed in cyrus-imapd 3.2.6-2+deb11u1
has caused the Debian Bug report #993433,
regarding cyrus-imapd: CVE-2021-33582
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
993433: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993433
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cyrus-imapd
Version: 3.4.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for cyrus-imapd.
CVE-2021-33582[0]:
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of
| service (multiple-minute daemon hang) via input that is mishandled
| during hash-table interaction. Because there are many insertions into
| a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8,
| and 3.0.16.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33582
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582
[1] https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.2.6-2+deb11u1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated cyrus-imapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 01 Sep 2021 07:58:38 +0200
Source: cyrus-imapd
Architecture: source
Version: 3.2.6-2+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 993433
Changes:
cyrus-imapd (3.2.6-2+deb11u1) bullseye; urgency=high
.
* Replace string hashing algorithm (Closes: #993433, CVE-2021-33582)
Checksums-Sha1:
3961939ac7d32a16f24b2e08439cb619fcdc4c7b 5480 cyrus-imapd_3.2.6-2+deb11u1.dsc
1bf00c9059ee60833cb19ee99a0b29178593f858 88112 cyrus-imapd_3.2.6-2+deb11u1.debian.tar.xz
Checksums-Sha256:
ce6113edcec8eff3cda7214a831fb48d438b0d02d7e2bbb0ae780bf480f4fc8e 5480 cyrus-imapd_3.2.6-2+deb11u1.dsc
8dacfd9c601776f70df91fb80f9a0396f0ecbf958faa342d667118e73fe4fe9b 88112 cyrus-imapd_3.2.6-2+deb11u1.debian.tar.xz
Files:
7b2b56d9feaddf4bd8cfb82005294726 5480 mail optional cyrus-imapd_3.2.6-2+deb11u1.dsc
13e17751905dd4cd1469c60183416f67 88112 mail optional cyrus-imapd_3.2.6-2+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
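
The CVE description in the first message (many insertions into a single bucket make strcmp slow) and the changelog entry in the second (replace the string hashing algorithm) can be seen side by side in the following added example, which is not code from Cyrus IMAP or from the Debian package. Both hash functions, the table size, the key count and the constructed keys are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NBUCKETS 251   /* constructed table size */
#define NKEYS    2000  /* constructed number of distinct keys */

struct node { const char *key; struct node *next; };
typedef uint32_t (*hash_fn)(const char *, uint32_t);

/* Toy weak hash (assumption, not Cyrus's function): a plain byte sum,
 * so any keys built from the same bytes share one bucket. */
static uint32_t weak_hash(const char *s, uint32_t seed) {
    uint32_t h = 0;
    (void)seed;
    while (*s) h += (unsigned char)*s++;
    return h;
}

/* Seeded FNV-1a (stand-in for a replacement hash): the seed would be
 * drawn randomly at startup so bucket placement is not predictable. */
static uint32_t seeded_hash(const char *s, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Insert NKEYS distinct keys into a chained table, walking the chain
 * first as a duplicate check; return the number of strcmp() calls. */
static unsigned long insert_all(hash_fn hash, uint32_t seed) {
    static char keys[NKEYS][24];
    static struct node nodes[NKEYS];
    struct node *table[NBUCKETS] = {0};
    unsigned long cmps = 0;
    for (int i = 0; i < NKEYS; i++) {
        /* i and 9999-i have complementary digits: constant byte sum */
        snprintf(keys[i], sizeof keys[i], "%04d%04d", i, 9999 - i);
        struct node **slot = &table[hash(keys[i], seed) % NBUCKETS];
        for (struct node *n = *slot; n; n = n->next) {
            cmps++;
            if (strcmp(n->key, keys[i]) == 0) break;
        }
        nodes[i].key = keys[i]; nodes[i].next = *slot; *slot = &nodes[i];
    }
    return cmps;
}

int main(void) {
    printf("byte-sum hash: %lu strcmp calls\n", insert_all(weak_hash, 0));
    printf("seeded FNV-1a: %lu strcmp calls\n", insert_all(seeded_hash, 0x9e3779b9u));
}
```

With the byte-sum hash every key lands in one chain, so the insert loop performs NKEYS*(NKEYS-1)/2 = 1,999,000 comparisons; the comparison count grows quadratically with the number of keys, which is the cost behind the multi-minute hang the advisory describes.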