
Re: balsa stable update for CVE-2007-5007



On Saturday 19 January 2008 at 14:51 +0100, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for balsa some time ago.
> 
> CVE-2007-5007[0]:
> | Stack-based buffer overflow in the ir_fetch_seq function in balsa
> | before 2.3.20 might allow remote IMAP servers to execute arbitrary
> | code via a long response to a FETCH command.
> 
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> 
> However it would be nice if this could get fixed via a regular point update[1].
> Please contact the release team for this.

Better late than never: I’ve just uploaded a version with this fix to
stable-proposed-updates.

Cheers,
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: This is a digitally signed message part

