-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 3 Dec 2002, Nels Lindquist wrote:

> On 3 Dec 2002 at 9:57, Steve Wright wrote:
>
> > The message below is forwarded from bugtraq.
> > I've not seen any discussion of this, is an official fix available ?
> > The "semi-exploit" shown does indeed segfault imapd processes on my Debian
> > (sid) boxes.
>
> I'd imagine there should be patches for 1.6.24 and 2.0.16, as well as
> 2.1.10.

There are now fixes in CVS for both the pre-login vulnerability and the sieve vulnerability for 2.0 (cyrus-2-0-tail) and 2.1 (HEAD). I expect them to be migrated over to the 2.2 branch (cyrus-imapd-2_2) later today or early tomorrow.

We'll be officially deprecating 1.x as of now (removal from the web and ftp sites except for the archives, etc).

I expect to have the new releases out within a day or so after I can give them some further testing.

- -Rob

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPe0Xd2es8cJc4y/MEQK90ACffRrUowweGZDrgbMEPc5i4aXQzDMAnj29
q0lHh9YugJd/bxfhuLy2vghs
=xzRJ
-----END PGP SIGNATURE-----