-
perdition (1.17-7ubuntu0.6.10.1) edgy-security; urgency=low
* SECURITY UPDATE: The format string protection
mechanism in IMAPD for Perdition Mail Retrieval
Proxy 1.17 and earlier allows remote attackers to
execute arbitrary code via an IMAP tag with a null
byte followed by a format string specifier,
which is not counted by the mechanism.
* perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
(See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
* References:
CVE-2007-5740
https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
-- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 14:10:56 +0100
-
perdition (1.17-7) unstable; urgency=low
* Remove the unneccesary Build-Depends on automake as part of
automake transition. http://wiki.debian.org/AutomakeTransition
(closes: #376643)
* Fix documentation of map_library. Thanks to Anand Kumria.
(closes: #354527)
* Add suggests perdition-ldap, perdition-mysql, perdition-odbc,
perdition-postgresql to perdition
* Update from standards version 3.6.1 to 3.7.2
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Jul 2006 16:41:34 +0100
-
perdition (1.17-5build1) dapper; urgency=low
* Rebuild against the new libmysqlclient15off with correct symbols.
-- Adam Conrad <email address hidden> Thu, 6 Apr 2006 15:11:10 +1000
