| 1 |
Is there some reason a GLSA was not issued about this vulnerability? I've |
| 2 |
been vulnerable for two weeks now without realizing it, and who knows how |
| 3 |
much longer it will be until the patch is made available. |
| 4 |
|
| 5 |
It seems I missed the post to Bugtraq since it was issued as a Courier |
| 6 |
vulnerability, and I didn't read carefully enough to discover that Courier |
| 7 |
IMAP was also affected. Certainly this is my own fault, but I am just |
| 8 |
astonished that without Francisco's post I might have overlooked this |
| 9 |
serious problem altogether. |
| 10 |
|
| 11 |
Ben |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
----- Original Message ----- |
| 16 |
From: "Francisco Andrades" <fandrades@×××××.com> |
| 17 |
To: <gentoo-security@l.g.o> |
| 18 |
Sent: Thursday, March 25, 2004 9:25 PM |
| 19 |
Subject: [gentoo-security] courier-imap |
| 20 |
|
| 21 |
|
| 22 |
WARNING: Unsanitized content follows. |
| 23 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 24 |
Hash: SHA1 |
| 25 |
|
| 26 |
Greetings all, |
| 27 |
|
| 28 |
I access my mail in my gentoo-linux home server from the outside world using |
| 29 |
Courier IMAP. The latest version available (as of this morning) is: |
| 30 |
|
| 31 |
terminus root # emerge -s courier-imap |
| 32 |
|
| 33 |
* net-mail/courier-imap |
| 34 |
Latest version available: 2.1.2-r1 |
| 35 |
Latest version installed: 2.1.2-r1 |
| 36 |
Size of downloaded files: 1,276 kB |
| 37 |
Homepage: http://www.courier-mta.org/ |
| 38 |
Description: An IMAP daemon designed specifically for maildirs |
| 39 |
License: GPL-2 |
| 40 |
|
| 41 |
As per the following advisory there is a vulnerability in the 2.1.2 version |
| 42 |
of |
| 43 |
Courier IMAP: |
| 44 |
|
| 45 |
http://www.securityfocus.com/bid/9845 |
| 46 |
|
| 47 |
I've been trying to update this package since I received the advisory but |
| 48 |
have |
| 49 |
not noticed any update. I wanted to know if the current version is already |
| 50 |
patched (the r1) or are there any plans to update the available version. |
| 51 |
|
| 52 |
Thanks |
| 53 |
|
| 54 |
- -- |
| 55 |
Francisco Andrades Grassi |
| 56 |
www.nextj.com |
| 57 |
Tlf: +58-414-125-7415 |
| 58 |
-----BEGIN PGP SIGNATURE----- |
| 59 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 60 |
|
| 61 |
iD8DBQFAY5SwGQPFH+shC0oRApvPAKCHcJVzq7qFPja6nzTbm7lCq3XLLgCeIPPg |
| 62 |
zbXGWdvNaumRWsSCw4r9n+E= |
| 63 |
=VrBD |
| 64 |
-----END PGP SIGNATURE----- |
| 65 |
|
| 66 |
-- |
| 67 |
gentoo-security@g.o mailing list |
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
-- |
| 72 |
gentoo-security@g.o mailing list |
Archives