| 1 |
On Thu, 2004-03-25 at 22:27, Ben Cressey wrote: |
| 2 |
> Is there some reason a GLSA was not issued about this vulnerability? I've |
| 3 |
> been vulnerable for two weeks now without realizing it, and who knows how |
| 4 |
> much longer it will be until the patch is made available. |
| 5 |
|
| 6 |
Yeah.. We don't provide a vulnerability announcement/assessment service. |
| 7 |
We provide updates when they exist. If you would like a vulnerability |
| 8 |
announcement service then you should pay. Or simply track the |
| 9 |
security@g.o via bugzilla as most us do. |
| 10 |
|
| 11 |
> |
| 12 |
> It seems I missed the post to Bugtraq since it was issued as a Courier |
| 13 |
> vulnerability, and I didn't read carefully enough to discover that Courier |
| 14 |
> IMAP was also affected. Certainly this is my own fault, but I am just |
| 15 |
> astonished that without Francisco's post I might have overlooked this |
| 16 |
> serious problem altogether. |
| 17 |
> |
| 18 |
> Ben |
| 19 |
> |
| 20 |
> |
| 21 |
> |
| 22 |
> ----- Original Message ----- |
| 23 |
> From: "Francisco Andrades" <fandrades@×××××.com> |
| 24 |
> To: <gentoo-security@l.g.o> |
| 25 |
> Sent: Thursday, March 25, 2004 9:25 PM |
| 26 |
> Subject: [gentoo-security] courier-imap |
| 27 |
> |
| 28 |
> |
| 29 |
> WARNING: Unsanitized content follows. |
| 30 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 31 |
> Hash: SHA1 |
| 32 |
> |
| 33 |
> Greetings all, |
| 34 |
> |
| 35 |
> I access my mail in my gentoo-linux home server from the outside world using |
| 36 |
> Courier IMAP. The latest version available (as of this morning) is: |
| 37 |
> |
| 38 |
> terminus root # emerge -s courier-imap |
| 39 |
> |
| 40 |
> * net-mail/courier-imap |
| 41 |
> Latest version available: 2.1.2-r1 |
| 42 |
> Latest version installed: 2.1.2-r1 |
| 43 |
> Size of downloaded files: 1,276 kB |
| 44 |
> Homepage: http://www.courier-mta.org/ |
| 45 |
> Description: An IMAP daemon designed specifically for maildirs |
| 46 |
> License: GPL-2 |
| 47 |
> |
| 48 |
> As per the following advisory there is a vulnerability in the 2.1.2 version |
| 49 |
> of |
| 50 |
> Courier IMAP: |
| 51 |
> |
| 52 |
> http://www.securityfocus.com/bid/9845 |
| 53 |
> |
| 54 |
> I've been trying to update this package since I received the advisory but |
| 55 |
> have |
| 56 |
> not noticed any update. I wanted to know if the current version is already |
| 57 |
> patched (the r1) or are there any plans to update the available version. |
| 58 |
> |
| 59 |
> Thanks |
| 60 |
> |
| 61 |
> - -- |
| 62 |
> Francisco Andrades Grassi |
| 63 |
> www.nextj.com |
| 64 |
> Tlf: +58-414-125-7415 |
| 65 |
> -----BEGIN PGP SIGNATURE----- |
| 66 |
> Version: GnuPG v1.2.4 (GNU/Linux) |
| 67 |
> |
| 68 |
> iD8DBQFAY5SwGQPFH+shC0oRApvPAKCHcJVzq7qFPja6nzTbm7lCq3XLLgCeIPPg |
| 69 |
> zbXGWdvNaumRWsSCw4r9n+E= |
| 70 |
> =VrBD |
| 71 |
> -----END PGP SIGNATURE----- |
| 72 |
> |
| 73 |
> -- |
| 74 |
> gentoo-security@g.o mailing list |
| 75 |
> |
| 76 |
> |
| 77 |
> |
| 78 |
> -- |
| 79 |
> gentoo-security@g.o mailing list |
| 80 |
-- |
| 81 |
Ned Ludd <solar@g.o> |
| 82 |
Gentoo Linux Developer |
Archives