[Secure-testing-team] CVE-2007-5740: Security Bug in Perdition

Simon Horman horms at verge.net.au
Thu Nov 1 06:35:36 UTC 2007


I wish to advise that a security vulnerability has been found in
perdition which may lead to an attacker being able to execute arbitrary
code on the machine running perdition without the need for
authentication.

Details of the bug can be found at
http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html

A patch to resolve the problem has been committed to CVS:
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

A bug-fix release, 1.17.1, has been made. This includes a minimal
set of changes on top of 1.17:
http://www.vergenet.net/linux/perdition/download/1.17.1/

There are also interim Debian packages under the URL above.
This includes packages for testing-security, which can also be found
by themselves at:

http://packages.vergenet.net/lenny-security/perdition/

I have uploaded the sid packages (1.17.1-1), as well as
the testing-stable and testing-unstable packages
after consulting with the Debian Security Team.

The bug will henceforth be tracked as CVE-2007-5740:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5740


-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/
