On Oct 12, 2005, at 6:16 AM, Ville Herva wrote:
I don't know if anyone cares about RH73 and imap-2001a anymore, but I think
this vulnerability applies to imap-2001a-10.1.legacy too:
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
http://www.linuxsecurity.com/content/view/120575
I took the source from
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm
and modified the mail.c patch from
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
to apply to 2001a.
It was just a blind patch weeding job - I didn't actually verify that
imap-2001a isn't invulnerable to this or vulnerable to something else.
In case anyone is interested, here's the modified .spec and the patch.
Just do
rpm -i imap-2001a-10.1.legacy.src.rpm
cp imap.spec.patched /usr/src/redhat/SPECS/imap.spec
cp imap-2001a-CAN-2005-2933_fix.patch /usr/src/redhat/SOURCES/
rpm -bb /usr/src/redhat/SPECS/imap.spec
Thanks for the patch. It'd be nice if you could search through
bugzilla to see if this has been reported or not there, and either
add to that bug, or create a new bug (and post your new SRPM).
Thanks,
Jeff
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list