Re: RFC: proposed fix for CVE-2018-19518 in uw-imap
Hi Salvatore,
On Sun, Dec 30, 2018 at 09:38:57AM +0100, Salvatore Bonaccorso wrote:
>
> There is an alternative approach wich was raised by Magnus in the
> respective bug: https://bugs.debian.org/914632#12 (and see followup
> from Moritz).
>
I suppose I should have looked more carefully at the bugs associatd with
CVE-2018-19518 and subscribed to this one. Thank you for pointing it
out to me.
The suggestion from Magnus is certainly less likely than mine to allow
for a future exploit of the same mechanism via different means.
Magnus,
Would you prefer to handle the jessie update? If not, I will wait until
you have patch ready and I can build/upload for jessie and release the
corresponding advisory.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: