On Thu, 2004-03-25 at 22:27, Ben Cressey wrote:
> Is there some reason a GLSA was not issued about this vulnerability? I've
> been vulnerable for two weeks now without realizing it, and who knows how
> much longer it will be until the patch is made available.

Yeah.. We don't provide a vulnerability announcement/assessment service.
We provide updates when they exist. If you would like a vulnerability
announcement service then you should pay. Or simply track the
security@g.o via bugzilla as most of us do.

>
> It seems I missed the post to Bugtraq since it was issued as a Courier
> vulnerability, and I didn't read carefully enough to discover that Courier
> IMAP was also affected. Certainly this is my own fault, but I am just
> astonished that without Francisco's post I might have overlooked this
> serious problem altogether.
>
> Ben
>
>
>
> ----- Original Message -----
> From: "Francisco Andrades" <fandrades@×××××.com>
> To: <gentoo-security@l.g.o>
> Sent: Thursday, March 25, 2004 9:25 PM
> Subject: [gentoo-security] courier-imap
>
>
> WARNING: Unsanitized content follows.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings all,
>
> I access my mail in my gentoo-linux home server from the outside world using
> Courier IMAP. The latest version available (as of this morning) is:
>
> terminus root # emerge -s courier-imap
>
> * net-mail/courier-imap
> Latest version available: 2.1.2-r1
> Latest version installed: 2.1.2-r1
> Size of downloaded files: 1,276 kB
> Homepage: http://www.courier-mta.org/
> Description: An IMAP daemon designed specifically for maildirs
> License: GPL-2
>
> As per the following advisory there is a vulnerability in the 2.1.2 version
> of Courier IMAP:
>
> http://www.securityfocus.com/bid/9845
>
> I've been trying to update this package since I received the advisory but
> have not noticed any update. I wanted to know if the current version is already
> patched (the r1) or are there any plans to update the available version.
>
> Thanks
>
> - --
> Francisco Andrades Grassi
> www.nextj.com
> Tlf: +58-414-125-7415
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFAY5SwGQPFH+shC0oRApvPAKCHcJVzq7qFPja6nzTbm7lCq3XLLgCeIPPg
> zbXGWdvNaumRWsSCw4r9n+E=
> =VrBD
> -----END PGP SIGNATURE-----
>
> --
> gentoo-security@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer