Date: Sun, 16 Nov 2008 10:53:39 -0800 From: Mark Foster <mark@foster.cc> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/128923: vuxml update for security vulnerability: mail/imap-uw Message-ID: <49206C33.6050707@foster.cc> Resent-Message-ID: <200811161920.mAGJK20t032843@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128923 >Category: ports >Synopsis: vuxml update for security vulnerability: mail/imap-uw >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Nov 16 19:20:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: FreeBSD 7.0-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD gomer.foster.dmz 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #6: Wed Aug 27 05:57:37 PDT 2008 root@gomer.foster.dmz:/usr/obj/usr/src/sys/GENERIC i386 >Description: >How-To-Repeat: >Fix: --- imap-uw.patch begins here --- --- vuln.xml.old 2008-11-11 02:07:56.000000000 -0800 +++ vuln.xml 2008-11-11 02:15:43.000000000 -0800 @@ -34,6 +34,33 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="54c18a91-afd9-11dd-ada5-00508bef1fef"> + <topic>imap-uw -- "tmail" and "dmail" Local Buffer Overflow Vulnerabilities</topic> + <affects> + <package> + <name>imap-uw</name> + <range><lt>2007d</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>SANS reports:</p> + <blockquote cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22">; + <p>University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data.</p> + </blockquote> + </body> + </description> + <references> + <url> + http://www.washington.edu/imap/documentation/RELNOTES.html + </url> + </references> + <dates> + <discovery>2008-10-29</discovery> + <entry>2008-11-11</entry> + </dates> + </vuln> + <vuln vid="c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb"> <topic>trac -- potential DOS vulnerability</topic> <affects> --- imap-uw.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49206C33.6050707>