Debian Bug report logs -
#375828
mutt: IMAP remote code execution
Reported by: Martin Pitt <martin.pitt@ubuntu.com>
Date: Wed, 28 Jun 2006 11:03:03 UTC
Severity: important
Tags: patch, security
Found in version mutt/1.5.11+cvs20060403-1
Fixed in version mutt/1.5.11+cvs20060403-2
Done: Adeodato Simó <dato@net.com.org.es>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Adeodato Simó <dato@net.com.org.es>:
Bug#375828; Package mutt.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Adeodato Simó <dato@net.com.org.es>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: mutt
Version: 1.5.11+cvs20060403-1
Severity: important
Tags: security patch
Hi!
Upstream recently fixed a buffer overflow triggered by overly long
IMAP namespace strings sent from the IMAP server.
Advisory:
http://secunia.com/advisories/20810
Patch:
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commitdiff;h=dc0272b749f0e2b102973b7ac43dbd3908507540
There is no CVE number yet unfortunately.
Thank you!
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Adeodato Simó <dato@net.com.org.es>:
Bug#375828; Package mutt.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
Extra info received and forwarded to list. Copy sent to Adeodato Simó <dato@net.com.org.es>.
(full text, mbox, link).
Message #10 received at 375828@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi!
Can you please mention the CVE number (CVE-2006-3242) in the changelog
when you fix this? This will make tracking easier.
Thank you!
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
[signature.asc (application/pgp-signature, inline)]
Reply sent to Adeodato Simó <dato@net.com.org.es>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Martin Pitt <martin.pitt@ubuntu.com>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 375828-close@bugs.debian.org (full text, mbox, reply):
Source: mutt
Source-Version: 1.5.11+cvs20060403-2
We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive:
mutt_1.5.11+cvs20060403-2.diff.gz
to pool/main/m/mutt/mutt_1.5.11+cvs20060403-2.diff.gz
mutt_1.5.11+cvs20060403-2.dsc
to pool/main/m/mutt/mutt_1.5.11+cvs20060403-2.dsc
mutt_1.5.11+cvs20060403-2_i386.deb
to pool/main/m/mutt/mutt_1.5.11+cvs20060403-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 375828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adeodato Simó <dato@net.com.org.es> (supplier of updated mutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 7 Jul 2006 15:01:28 +0200
Source: mutt
Binary: mutt
Architecture: source i386
Version: 1.5.11+cvs20060403-2
Distribution: unstable
Urgency: high
Maintainer: Adeodato Simó <dato@net.com.org.es>
Changed-By: Adeodato Simó <dato@net.com.org.es>
Description:
mutt - text-based mailreader supporting MIME, GPG, PGP and threading
Closes: 375828
Changes:
mutt (1.5.11+cvs20060403-2) unstable; urgency=high
.
* Fix CVE-2006-3242, stack-based buffer overflow when processing an overly
long namespace from the IMAP server. (Closes: #375828)
Files:
3ccdff44a95de30beba370f0c37a2d78 830 mail standard mutt_1.5.11+cvs20060403-2.dsc
e85f8da89c26d2208e8c6a5a2ea86844 50808 mail standard mutt_1.5.11+cvs20060403-2.diff.gz
8bfd3426f441ea96b3546a77adff6777 1773474 mail standard mutt_1.5.11+cvs20060403-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Signed by Adeodato Simó <dato@net.com.org.es>
iEYEARECAAYFAkSuW/wACgkQgyNlRdHEGILiSgCfQuwmXMi44vW4Je0+RHX6dH2H
/JgAnRc512Vf2DG7jlLJGyIMqbmgx6/H
=bcVh
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 01:05:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:11:23 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon