Fedora Legacy Test Update Notification: imap

Thu Mar 16 01:32:03 UTC 2006

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-170411
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170411
2006-03-15
---------------------------------------------------------------------

Name        : imap
Versions    : rh7.3: imap-2001a-10.3.legacy
Versions    : rh9: imap-2001a-18.2.legacy
Versions    : fc1: imap-2002d-3.2.legacy
Summary     : Server daemons for IMAP and POP network mail protocols.
Description :
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols. The POP protocol uses a "post office" machine to collect
mail for users and allows users to download their mail to their local
machine for reading. The IMAP protocol allows a user to read mail on a
remote machine without downloading it to their local machine.

---------------------------------------------------------------------
Update Information:

An updated imap package that fixes a buffer overflow issue is now
available.

The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols.

A buffer overflow flaw was discovered in the way the c-client library
parses user supplied mailboxes. If an authenticated user requests a
specially crafted mailbox name, it may be possible to execute arbitrary
code on a server that uses the library. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2933 to this issue.

All users of imap should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Mar 06 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2001a-10.3.legacy
- Replaced CVE-2005-2933 patch with the one from RHEL21
  for consistency's sake

* Wed Oct 12 2005 Ville Herva <vherva at vianova.fi> 2001a-10.2.legacy
- Added security patch for CAN-2005-2933

rh9:
* Mon Mar 06 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2001a-18.2.legacy
- Added security patch for CVE-2005-2933

fc1:
* Mon Mar 06 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:2002d-3.2.legacy
- Added patch for CVE-2005-2933

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
a516bdac39c9b3946a51e2aa1b2c525418405097
redhat/7.3/updates-testing/i386/imap-2001a-10.3.legacy.i386.rpm
7492a4f5a96f61a50bc1d486004a991407fb8a93
redhat/7.3/updates-testing/i386/imap-devel-2001a-10.3.legacy.i386.rpm
eb6df42d990be3bbf408b9c9cfe759d4ac31d82f
redhat/7.3/updates-testing/SRPMS/imap-2001a-10.3.legacy.src.rpm

rh9:
dd3d1a3bac748d1db5643a76a86c02568abec7d2
redhat/9/updates-testing/i386/imap-2001a-18.2.legacy.i386.rpm
d7986d8efea12260ebb0613bb6cd486d72ef4ac1
redhat/9/updates-testing/i386/imap-devel-2001a-18.2.legacy.i386.rpm
aef5ef7d054ff02b594bcb2ba564bfbb4778f00b
redhat/9/updates-testing/SRPMS/imap-2001a-18.2.legacy.src.rpm

fc1:
369fb568801a2d2865a55b2ceabab87e496d8705
fedora/1/updates-testing/i386/imap-2002d-3.2.legacy.i386.rpm
967a77fbc8a4d2dcc3fdfac8b715d7a84537c0c0
fedora/1/updates-testing/i386/imap-devel-2002d-3.2.legacy.i386.rpm
43b5221927cbeb9c2f3387f6a4b8f46f66d4d77d
fedora/1/updates-testing/SRPMS/imap-2002d-3.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060315/57dd0a7e/attachment.sig>