Bug#645327: CVE-2011-3481: Denial of service
Ondřej Surý
ondrej at sury.org
Fri Oct 14 14:26:25 UTC 2011
Version: 2.4.12-1
Hi Moritz,
I am quite confused by our archive, because all cyrus-imapd-2.2
packages were replaced
by transitional packages built from cyrus-imapd-2.4, so there is no
real -2.2 package in the
unstable right now.
I filled a RM bug to fix the leftovers:
ondrej at ries:~$ dak rm -n cyrus-imapd-2.2
Working... done.
Will remove the following packages from unstable:
cyrus-admin-2.2 | 2.2.13p1-15 | all
cyrus-doc-2.2 | 2.2.13p1-15 | all
cyrus-imapd-2.2 | 2.2.13p1-15 | source
Maintainer: Debian Cyrus Team
<pkg-cyrus-imapd-debian-devel at lists.alioth.debian.org>
Ondrej
On Fri, Oct 14, 2011 at 14:05, Moritz Muehlenhoff
<muehlenhoff at univention.de> wrote:
> Package: cyrus-imapd-2.2
> Severity: grave
> Tags: security
>
> Hi,
> please see for details and a patch:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3481
> http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772
> http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463
>
> This is already fixed in Cyrus 2.4. BTW, you said that only Cyrus 2.2 will be shipped with
> Wheezy. Maybe Cyrus 2.2 should be removed from sid rather sooner than later, then?
>
> Cheers,
> Moritz
>
> -- System Information:
> Debian Release: 5.0.1
> Architecture: amd64 (x86_64)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.32-ucs44-amd64
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
>
>
>
> _______________________________________________
> Pkg-Cyrus-imapd-Debian-devel mailing list
> Pkg-Cyrus-imapd-Debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel
>
--
Ondřej Surý <ondrej at sury.org>
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list