Package: uw-imap Severity: grave Tags: security, patch Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for uw-imap. CVE-2008-5514[0]: | Off-by-one error in the rfc822_output_char function in the | RFC822BUFFER routines in the University of Washington (UW) c-client | library, as used by the UW IMAP toolkit before imap-2007e and other | applications, allows context-dependent attackers to cause a denial of | service (crash) via an e-mail message that triggers a buffer overflow. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. The issue has been fixed in lenny already via the latest DTSA. The patch just needs to be applied for sid. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514 http://security-tracker.debian.net/tracker/CVE-2008-5514 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
