[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933

From: Jeff Sheltren <sheltren cs ucsb edu>
To: vherva viasys com, Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Cc:
Subject: Re: Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933
Date: Wed, 12 Oct 2005 07:03:20 -0400

On Oct 12, 2005, at 6:16 AM, Ville Herva wrote:

I don't know if anyone cares about RH73 and imap-2001a anymore, butI think
this vulnerability applies to imap-2001a-10.1.legacy too:
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
http://www.linuxsecurity.com/content/view/120575

I took the source from
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm
and modified the mail.c patch from
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
to apply to 2001a.

It was just a blind patch weeding job - I didn't actually verify that
imap-2001a isn't invulnerable to this or vulnerable to something else.

I case anyone is interested, here's the modified .spec and the patch.

Just do

  rpm -i imap-2001a-10.1.legacy.src.rpm
  cp imap.spec.patched /usr/src/redhat/SPECS/imap.spec
  cp imap-2001a-CAN-2005-2933_fix.patch /usr/src/redhat/SOURCES/
  rpm -bb /usr/src/redhat/SPECS/imap.spec

Thanks for the patch. It'd be nice if you could search throughbugzilla to see if this has been reported or not there, and eitheradd to that bug, or create a new bug (and post your new SRPM).


Thanks,
Jeff

Follow-Ups:
- Re: Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933
  - From: Ville Herva

References:
- Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933
  - From: Ville Herva

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]