Bug#930107: unblock: cyrus-imapd/3.0.8-6

To: 930107@bugs.debian.org
Subject: Bug#930107: unblock: cyrus-imapd/3.0.8-6
From: Xavier <yadd@debian.org>
Date: Wed, 12 Jun 2019 16:26:39 +0200
Message-id: <[🔎] 9592e9f4-b5f9-02c8-47d1-8367bfe8a998@debian.org>
Reply-to: Xavier <yadd@debian.org>, 930107@bugs.debian.org
In-reply-to: <[🔎] 155988409501.30448.2385006075999222892.reportbug@deb007.xnr.fr>
References: <[🔎] 155988409501.30448.2385006075999222892.reportbug@deb007.xnr.fr> <[🔎] 155988409501.30448.2385006075999222892.reportbug@deb007.xnr.fr>

Le 07/06/2019 à 07:08, Xavier Guimard a écrit :
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package cyrus-imapd
> 
> Hi all,
> 
> Cyrus-Imapd is vulnerable to remote arbitrary code execution via CalDAV
> (CVE-2019-11356, tagged high). Fix is very trivial.
> 
> The proposed debdiff includes also a missing dependency that closes
> #872238.
> 
> Cheers,
> Xavier

Complement: I patched Cyrus-Imapd quickly since patch was easy to
backport, that's why Security Team didn't open a RC bug on this CVE.
However, this update should be considered as a RC-related unblock.

Cheers,
Xavier

Reply to:

References:
- Bug#930107: unblock: cyrus-imapd/3.0.8-6
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Bug#929874: marked as done (unblock: several autopkgtest fixes for node-*)
Next by Date: Bug#930107: marked as done (unblock: cyrus-imapd/3.0.8-6)
Previous by thread: Bug#930107: unblock: cyrus-imapd/3.0.8-6
Next by thread: Bug#930107: marked as done (unblock: cyrus-imapd/3.0.8-6)
Index(es):
- Date
- Thread