Bug#547947: CVE-2009-3235: CMU sieve buffer overflows

Giuseppe Iuculano giuseppe at iuculano.it
Tue Sep 22 18:52:37 UTC 2009


notfixed 547947 2.2.13-15
thanks

Benjamin Seidenberg wrote:
> A fix was released before the CVE was even published


>>     Patch:
>> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h
>> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/bc_eval.c.diff?r1=1.14;r2=1.15;f=h
>> https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.68;r2=1.69;f=h
>>

This is a different vulnerability than CVE-2009-2632; there are a few
additional buffer overflows not yet covered, see the patches.

Cheers,
Giuseppe.
