Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 8 Sep 2009 13:00:00 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for recent cyrus-imap issue


CVE-2009-2628 has been clearly and publicly associated with VU#444513
which is for a VMware AVI codec heap overflow.  So it's not for cyrus-imap
at all.  (This may have been a typo somewhere down the line, and it's not
"live"  on the CVE site which didn't help things.)

As Nico said, CVE-2009-2632 appears to be the proper ID for the cyrus-imap
problem.  I am associating it with the SIEVE component overflow as
released in DEBIAN:DSA-1881.  If there's another bug floating around,
we'll have to use a different CVE.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.