ports/128771: vuxml update for security vulnerability: mail/imap_uw
Mark D. Foster
mark at foster.cc
Tue Nov 11 03:10:01 UTC 2008
>Number: 128771
>Category: ports
>Synopsis: vuxml update for security vulnerability: mail/imap_uw
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 11 03:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mark Foster <mark at foster.cc
>Release: FreeBSD 7.0-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD gomer.foster.dmz 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3
#6: Wed Aug 27 05:57:37 PDT 2008
root at gomer.foster.dmz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
>How-To-Repeat:
>Fix:
--- imap_uw.patch begins here ---
--- vuln.xml.old 2008-11-11 02:07:56.000000000 -0800
+++ vuln.xml 2008-11-11 02:15:43.000000000 -0800
@@ -34,6 +34,33 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="54c18a91-afd9-11dd-ada5-00508bef1fef">
+ <topic>imap_uw -- "tmail" and "dmail" Local Buffer Overflow
Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>imap_uw</name>
+ <range><lt>2007d</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SANS reports:</p>
+ <blockquote
cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22">
+ <p>University of Washington "tmail" and "dmail" are mail deliver
agents. "tmail" and "dmail" are exposed to local buffer overflow issues
because they fail to perform adequate boundary checks on user-supplied
data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>
+ http://www.washington.edu/imap/documentation/RELNOTES.html
+ </url>
+ </references>
+ <dates>
+ <discovery>2008-10-29</discovery>
+ <entry>2008-11-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb">
<topic>trac -- potential DOS vulnerability</topic>
<affects>
--- imap_uw.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list