[Secure-testing-team] Bug#653238: alpine vulnerable to CVE-2008-5514
Jonathan Sailor
jsailor at cs.brown.edu
Sun Dec 25 18:50:43 UTC 2011
Package: alpine
Version: 2.00+dfsg-6
Severity: grave
Tags: security
Justification: user security hole

The alpine package does not include a fix for CVE-2008-5514.

Vulnerable: lenny lenny-backports squeeze
Fixed in upstream: wheezy sid

The patch is available at [1]. Note that since that version is written for
uw-imap, the path to rfc822.c is imap/src/c-client/rfc822.c.

[1] http://people.debian.org/~nion/nmu-diff/uw-imap-2007b~dfsg-1_2007b~dfsg-1.1.patch

~jon.

-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (750, 'stable'), (70, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages alpine depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
ii libncurses5 5.7+20100313-5 shared libraries for terminal hand
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8o-4squeeze4 SSL shared libraries
alpine recommends no packages.
Versions of packages alpine suggests:
ii aspell 0.60.6-4 GNU Aspell spell-checker
ii postfix [mail-transport 2.7.1-1+squeeze1 High-performance mail transport ag
-- debconf-show failed