[Secure-testing-team] Bug#510918: CVE-2008-5514: Off-by-one error
Steffen Joeris
steffen.joeris at skolelinux.de
Mon Jan 5 23:06:13 UTC 2009
Package: uw-imap
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uw-imap.
CVE-2008-5514[0]:
| Off-by-one error in the rfc822_output_char function in the
| RFC822BUFFER routines in the University of Washington (UW) c-client
| library, as used by the UW IMAP toolkit before imap-2007e and other
| applications, allows context-dependent attackers to cause a denial of
| service (crash) via an e-mail message that triggers a buffer overflow.
If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.
The issue has been fixed in lenny already via the latest DTSA. The patch
just needs to be applied for sid.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
http://security-tracker.debian.net/tracker/CVE-2008-5514