Debian Bug report logs -
#448853
CVE-2007-5740 format string vulnerability
Reported by: Nico Golde <nion@debian.org>
Date: Thu, 1 Nov 2007 12:48:02 UTC
Severity: grave
Tags: patch, security
Fixed in version 1.17.1-1
Done: Simon Horman <horms@verge.net.au>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>
:
Bug#448853
; Package perdition
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
New Bug report received and forwarded. Copy sent to Simon Horman <horms@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: perdition
Severity: grave
Tags: security
Hi,
"Perdition IMAPD is affected by a format string bug in one of its IMAP
output-string formatting functions. The bug allows the execution of
arbitrary code on the affected server. A successful exploit does not
require prior authentication."
For more information see:
http://seclists.org/bugtraq/2007/Oct/0443.html
Solution: update to 0.17.1
A CVE id for this is pending.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>
:
Bug#448853
; Package perdition
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Simon Horman <horms@debian.org>
.
(full text, mbox, link).
Message #10 received at 448853@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 448853 + patch
thanks
Hi,
not 0.17.1 but 1.17.1, sorry.
A patch for this can be found on:
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Tags added: patch
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org
.
(Thu, 01 Nov 2007 12:51:06 GMT) (full text, mbox, link).
Changed Bug title to `CVE-2007-5740 format string vulnerability' from `format string vulnerability'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org
.
(Thu, 01 Nov 2007 12:54:04 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>
:
Bug#448853
; Package perdition
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Simon Horman <horms@debian.org>
.
(full text, mbox, link).
Message #19 received at 448853@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
this is CVE-2007-5740, if you fix this bug, please include
the CVE id in your changelog.
Thanks
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Simon Horman <horms@verge.net.au>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #24 received at 448853-done@bugs.debian.org (full text, mbox, reply):
Version: 1.17.1-1
Fixed in 1.17.1-1 which was uploaded earlier today.
Will also be fixed in packages that have been prepared for
stable and oldstable, 1.17-7etch4 and 1.15-5sarge1 respectively.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 27 Dec 2007 07:30:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:58:40 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.