Bug 130013 - vuxml update: vuln.xml entry for mail/imap-uw
Summary: vuxml update: vuln.xml entry for mail/imap-uw
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-29 07:30 UTC by mark
Modified: 2009-01-11 14:50 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description mark 2008-12-29 07:30:02 UTC 
Fix: 

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="4bef2efc-7850-4a7c-96e4-4662417534bd">
     <topic>imap-uw -- University Of Washington IMAP c-client Buffer Overflow</topic>
     <affects>
       <package>
         <name>imap-uw</name>
         <range><lt>2007e</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>SANS reports:</p>
         <blockquote cite="http://www.washington.edu/imap/documentation/RELNOTES.html">
           <p>The University of Washington IMAP library is a library
implementing the IMAP mail protocol. University of Washington IMAP is
exposed to a buffer overflow issue that occurs due to a boundary error
within the rfc822_output_char function in the c-client library.
The University of Washington IMAP library versions prior to 2007e are
affected.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
      <cvename>CVE-2008-5514</cvename>
     </references>
     <dates>
       <discovery>2008-12-16</discovery>
       <entry>2008-12-28</entry>
     </dates>
   </vuln>
Comment 1 Martin Wilke freebsd_committer freebsd_triage 2008-12-29 08:10:05 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2009-01-11 14:49:27 UTC 
State Changed
From-To: open->closed

documented
Comment 3 dfilter service freebsd_committer freebsd_triage 2009-01-11 14:49:45 UTC 
miwi        2009-01-11 14:49:32 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document imap-uw -- imap c-client buffer overflow
  
  PR:             130013
  Submitted by:   Mark Foster <mark@foster.cc>
  Approved by:    maintainer timeout
  
  Revision  Changes    Path
  1.1813    +30 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"