
[debian-users:42087] Re: [Translate] [SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution



This is Hida.

It looks like cyrus21-imapd 2.1.17-1 is now available for download.

>>>>> In [debian-users : No.42050] 
>>>>>	Shinichiro HIDA <shinichiro@xxxxxxxxxxxxx> wrote:
Hida> This is Hida.

[...]

Hida> In the original,

>>>>> In <m1CXG1Y-000olKC@xxxxxxxxxxxxxxxxxxxxxxxxxxx> 
>>>>>	joey@xxxxxxxxxxxx (Martin Schulze) wrote:
Martin> -----BEGIN PGP SIGNED MESSAGE-----
Martin> Hash: SHA1

Martin> - --------------------------------------------------------------------------
Martin> Debian Security Advisory DSA 597-1                     security@debian.org

[...]
Martin> CVE ID         : CAN-2004-1012 CAN-2004-1013
Martin> Debian Bug     : 282681
                         ^^^^^^^
Martin> For the unstable distribution (sid) these problems have been fixed in
Martin> version 2.1.17-1.
                ^^^^^^^^
Hida> so the original does say 2.1.17-1.

Hida> But when I fetched it with apt-get just now, 2.1.16-11 came down, so
Hida> looking at the changelog.Debian.gz of cyrus21-imapd (2.1.16-11),

changelog> cyrus21-imapd (2.1.16-11) unstable; urgency=high

[...]

The following is from the changelog.Debian.gz of cyrus21-imapd 2.1.17-1:

cyrus21-imapd (2.1.17-1) unstable; urgency=high

  * New upstream source
    * SECURITY FIX:
      Detect and avoid buffer overflow on SASL canonical processing
  * SECURITY FIX (from Ubuntu, thanks to Martin Pitt
    <martin.pitt@xxxxxxxxxxxxx>): fixed two incarnations of "flag[nflags++]
    = xstrdup(...)"; the value of nflags within functions called by
    xstrdup() is undefined and different gcc versions handle this
    differently (closes: #282681)

So that is apparently how it is. Sorry for the noise.


-- 
  Shinichiro HIDA  mailto:shinichiro@xxxxxxxxxxxxx
  GPG fingerprint = 5F2D 1656 FFF6 F691 A51C  5E61 E416 D398 470C 1CE9
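
The `flag[nflags++] = xstrdup(...)` item in the changelog above, sketched as an added C example; it is not part of the original message and is neither the Cyrus source nor the actual patch. `dup_observing` is a hypothetical stand-in for xstrdup() and the functions it calls, and `flag`, `nflags` and `seen_nflags` are constructed globals.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the state named in the changelog entry. */
static char *flag[8];
static int nflags, seen_nflags;   /* seen_nflags: nflags as the callee saw it */

/* Hypothetical stand-in for xstrdup() and the functions it calls:
 * it reads the shared counter while making the copy. */
static char *dup_observing(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) abort();
    memcpy(p, s, n);
    seen_nflags = nflags;
    return p;
}

/* Changelog pattern: the increment and the call are not ordered relative
 * to each other, so the callee may see the old or the new count. */
static int store_ambiguous(const char *s)
{
    flag[nflags++] = dup_observing(s);
    return seen_nflags;
}

/* Ordered form: the copy is finished before the counter changes. */
static int store_ordered(const char *s)
{
    flag[nflags] = dup_observing(s);
    nflags++;
    return seen_nflags;
}

static void reset_flags(void)
{
    while (nflags > 0) free(flag[--nflags]);
}

int main(void)
{
    int a = store_ambiguous("\\Seen");
    reset_flags();
    int b = store_ordered("\\Seen");
    reset_flags();
    printf("callee saw nflags=%d (ambiguous form), %d (ordered form)\n", a, b);
}
```

Both forms leave the array and counter in the same final state; only what the callee observes during the call differs, which matters when that callee acts on the count.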