On Saturday 19 January 2008 at 14:51 +0100, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for balsa some time ago.
>
> CVE-2007-5007[0]:
> | Stack-based buffer overflow in the ir_fetch_seq function in balsa
> | before 2.3.20 might allow remote IMAP servers to execute arbitrary
> | code via a long response to a FETCH command.
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point update[1].
> Please contact the release team for this.

Better late than never: I’ve just uploaded a version with this fix to
stable-proposed-updates.

Cheers,
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.