Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Oct 2015 11:13:20 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: urlfetch range handling flaw in Cyrus
 IMAP

On 09/30/2015 11:07 AM, Florian Weimer wrote:
> On 09/29/2015 01:01 PM, Martin Prpic wrote:
>> Hi, was a CVE ID assigned for the following issue?
>>
>> "Security fix: handle urlfetch range starting outside message range"
>> [https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html]
>>
>> Not many details seem to be available about this issue. Any pointers to
>> a patch that fixes this would be greatly appreciated.
> 
> This looks like the relevant fix:
> 
> https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
> 
> This patch seems to fix an information disclosure (out of bounds heap read).
> 
> The patch may be incomplete because n could become negative.  I'll ask
> on the cyrus-devel list once my subscription request goes through.
> 
> This otherwise unrelated commits might be security-relevant as well:
> 
> https://cyrus.foundation/cyrus-imapd/commit/?id=d81a712401418cc0bd1daa49ded8e5bcc4b69f21
> https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0
> https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b

I have not received any reply to my question on the upstream mailing list:

<http://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html>

Florian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ