oss-sec mailing list archives
Re: CVE for recent cyrus-imap issue
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 8 Sep 2009 13:00:00 -0400 (EDT)
CVE-2009-2628 has been clearly and publicly associated with VU#444513 which is for a VMware AVI codec heap overflow. So it's not for cyrus-imap at all. (This may have been a typo somewhere down the line, and it's not "live" on the CVE site which didn't help things.) As Nico said, CVE-2009-2632 appears to be the proper ID for the cyrus-imap problem. I am associating it with the SIEVE component overflow as released in DEBIAN:DSA-1881. If there's another bug floating around, we'll have to use a different CVE. - Steve
Current thread:
- CVE for recent cyrus-imap issue Sebastian Krahmer (Sep 08)
- Re: CVE for recent cyrus-imap issue Thomas Biege (Sep 08)
- Re: CVE for recent cyrus-imap issue Chad Dougherty (Sep 08)
- Re: CVE for recent cyrus-imap issue Nico Golde (Sep 08)
- Re: CVE for recent cyrus-imap issue Steven M. Christey (Sep 08)
- Re: CVE for recent cyrus-imap issue Tomas Hoger (Sep 14)
- Re: CVE for recent cyrus-imap issue Steven M. Christey (Sep 16)
- Re: CVE for recent cyrus-imap issue Tomas Hoger (Sep 17)
- Re: CVE for recent cyrus-imap issue Chad Dougherty (Sep 08)
- Re: CVE for recent cyrus-imap issue Thomas Biege (Sep 08)