On Dec 11, 2008, at 10:36 PM, Steffen Joeris wrote:
Debian Security Advisory DSA-1685-1                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 12, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : uw-imap
Vulnerability : buffer overflows, null pointer dereference
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-5005 CVE-2008-5006
Two vulnerabilities have been found in uw-imap, an IMAP
implementation. The Common Vulnerabilities and Exposures project
identifies the following problems:
This alert is an excellent example of what I've been ranting about,
e.g.:
Re: [Full-disclosure] [SECURITY] [DSA 1685-1] New uw-imap packages fix
multiple vulnerabilities
-------------------------> ^^^^^^^^^^^^^^^^^^^^^^^^
24-25 characters that could have been appended to the end of the
subject line instead of the beginning.
In a perfect world, the message would read like this, with
"[Full-disclosure]" abbreviated to "[FD]":
"Re: [FD] New uw-imap packages fix multiple vulnerabilities [SECURITY] [DSA 1685-1]"
Oi, I know this makes too much sense, sorry.
-oz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/