Hi Salvatore,

just letting you know I will take care of the security update this week. I just need to sort out the rest of the bug reports whether they are related to the +nocaldav bump or not.

Cheers,
Ondrej

On Thu, Nov 5, 2015, at 21:10, Salvatore Bonaccorso wrote:
> Source: cyrus-imapd-2.4
> Version: 2.4.17+nocaldav-2
> Severity: important
> Tags: security upstream patch fixed-upstream
>
> Hi,
>
> the following vulnerabilities were published for cyrus-imapd-2.4.
>
> CVE-2015-8077[0]:
> | integer overflow in the start_octet addition after the
> | 07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 fix
>
> CVE-2015-8078[1]:
> | integer overflow in the section_offset addition after the
> | c21e179c1f6b968fe69bebe079176714e511587b fix
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> Both basically are due to incomplete fix of CVE-2015-8076, so
> technically wheezy and jessie are not affected by CVE-2015-8077 and
> CVE-2015-8078 but the fix for CVE-2015-8076 would need to be completed
> including these patches.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8077
>     https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
> [1] https://security-tracker.debian.org/tracker/CVE-2015-8078
>     https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-Cyrus-imapd-Debian-devel mailing list
> pkg-cyrus-imapd-debian-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel

-- 
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server