First Last Prev Next    This bug is not in your last search results.
Bug 6504 - Security Vuln in Courier-imap and version bump for IMAP
: Security Vuln in Courier-imap and version bump for IMAP
Status: CLOSED FIXED
Product: Security
Classification: Unclassified
Component: General / Other Security Issue
: unspecified
: Other Linux
: P2 major
Assigned To: SM Security List
http://www.securityfocus.com/bid/9845
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-29 23:17 UTC by Craig Van Tassle
Modified: 2004-03-30 12:57 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Van Tassle 2004-03-29 23:17:59 UTC 
There is a remote exploit for Courier-imap and the various other Courier email
systems, including Courier MTA, Courier SqWebMail, and Courier-IMAP.
The version in the system, 2.2.1 is vuln. There is a new version 3.0.2 that
works. That version is the most up to date one as well. At least for courier imap.
The new version for Courier is 0.45.1
Comment 1 Seth Woolley 2004-03-30 12:10:00 UTC 
Do they update without much issue?  If so, don't you already have access to
update them?  I saw the vuln notice and looked at the spells and since I don't
use them, I can't really test all the configuration options.  Would a simple
bump update work and have it not break things?
Comment 2 Seth Woolley 2004-03-30 12:52:48 UTC 
updated, compiled, tested in basic configuration, and integrated to stable.  Let
the mail guru whomever that is know if there's a problem with some of the more
arcane configs.
First Last Prev Next    This bug is not in your last search results.