[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

Hi Salvatore,

On Sun, Dec 30, 2018 at 09:38:57AM +0100, Salvatore Bonaccorso wrote:
> There is an alternative approach wich was raised by Magnus in the
> respective bug: https://bugs.debian.org/914632#12 (and see followup
> from Moritz).

I suppose I should have looked more carefully at the bugs associatd with
CVE-2018-19518 and subscribed to this one.  Thank you for pointing it
out to me.

The suggestion from Magnus is certainly less likely than mine to allow
for a future exploit of the same mechanism via different means.


Would you prefer to handle the jessie update?  If not, I will wait until
you have patch ready and I can build/upload for jessie and release the
corresponding advisory.



Roberto C. Sánchez

Reply to: