1 |
Is there some reason a GLSA was not issued about this vulnerability? I've |
2 |
been vulnerable for two weeks now without realizing it, and who knows how |
3 |
much longer it will be until the patch is made available. |
4 |
|
5 |
It seems I missed the post to Bugtraq since it was issued as a Courier |
6 |
vulnerability, and I didn't read carefully enough to discover that Courier |
7 |
IMAP was also affected. Certainly this is my own fault, but I am just |
8 |
astonished that without Francisco's post I might have overlooked this |
9 |
serious problem altogether. |
10 |
|
11 |
Ben |
12 |
|
13 |
|
14 |
|
15 |
----- Original Message ----- |
16 |
From: "Francisco Andrades" <fandrades@×××××.com> |
17 |
To: <gentoo-security@l.g.o> |
18 |
Sent: Thursday, March 25, 2004 9:25 PM |
19 |
Subject: [gentoo-security] courier-imap |
20 |
|
21 |
|
22 |
WARNING: Unsanitized content follows. |
23 |
-----BEGIN PGP SIGNED MESSAGE----- |
24 |
Hash: SHA1 |
25 |
|
26 |
Greetings all, |
27 |
|
28 |
I access my mail in my gentoo-linux home server from the outside world using |
29 |
Courier IMAP. The latest version available (as of this morning) is: |
30 |
|
31 |
terminus root # emerge -s courier-imap |
32 |
|
33 |
* net-mail/courier-imap |
34 |
Latest version available: 2.1.2-r1 |
35 |
Latest version installed: 2.1.2-r1 |
36 |
Size of downloaded files: 1,276 kB |
37 |
Homepage: http://www.courier-mta.org/ |
38 |
Description: An IMAP daemon designed specifically for maildirs |
39 |
License: GPL-2 |
40 |
|
41 |
As per the following advisory there is a vulnerability in the 2.1.2 version |
42 |
of |
43 |
Courier IMAP: |
44 |
|
45 |
http://www.securityfocus.com/bid/9845 |
46 |
|
47 |
I've been trying to update this package since I received the advisory but |
48 |
have |
49 |
not noticed any update. I wanted to know if the current version is already |
50 |
patched (the r1) or are there any plans to update the available version. |
51 |
|
52 |
Thanks |
53 |
|
54 |
- -- |
55 |
Francisco Andrades Grassi |
56 |
www.nextj.com |
57 |
Tlf: +58-414-125-7415 |
58 |
-----BEGIN PGP SIGNATURE----- |
59 |
Version: GnuPG v1.2.4 (GNU/Linux) |
60 |
|
61 |
iD8DBQFAY5SwGQPFH+shC0oRApvPAKCHcJVzq7qFPja6nzTbm7lCq3XLLgCeIPPg |
62 |
zbXGWdvNaumRWsSCw4r9n+E= |
63 |
=VrBD |
64 |
-----END PGP SIGNATURE----- |
65 |
|
66 |
-- |
67 |
gentoo-security@g.o mailing list |
68 |
|
69 |
|
70 |
|
71 |
-- |
72 |
gentoo-security@g.o mailing list |