This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Security advisory: uw-imap

From: "Yaakov S (Cygwin Ports)" <yselkowitz at users dot sourceforge dot net>
To: cygwin-apps at cygwin dot com
Date: Tue, 11 Oct 2005 11:14:59 -0500
Subject: Security advisory: uw-imap

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

uw-imap (whose maintainer, AFAICS, has yet to respond to reply to
Corinna's message) is vulnerable to remote overflow of a buffer in the
IMAP server leading to execution of arbitrary code.

The only solution is to upgrade to 2004g (current Cygwin release is 2002e!).

http://www.washington.edu/imap/
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml
http://bugs.gentoo.org/show_bug.cgi?id=108206
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities


Yaakov

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDS+UDpiWmPGlmQSMRAk/IAKCFn7jmnna71J0tuRkijPWh/8XSAwCeIg5g
B0LWX4bMcNQ4ABXAWZQQkng=
=zDZ4
-----END PGP SIGNATURE-----

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]