Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Sep 2009 13:00:00 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE for recent cyrus-imap issue

CVE-2009-2628 has been clearly and publicly associated with VU#444513
which is for a VMware AVI codec heap overflow.  So it's not for cyrus-imap
at all.  (This may have been a typo somewhere down the line, and it's not
"live"  on the CVE site which didn't help things.)

As Nico said, CVE-2009-2632 appears to be the proper ID for the cyrus-imap
problem.  I am associating it with the SIEVE component overflow as
released in DEBIAN:DSA-1881.  If there's another bug floating around,
we'll have to use a different CVE.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.