Subject: CVS commit: [pkgsrc-2005Q3] pkgsrc/mail/imap-uw
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 10/08/2005 06:18:10
Module Name:	pkgsrc
Committed By:	snj
Date:		Sat Oct  8 06:18:10 UTC 2005

Modified Files:
	pkgsrc/mail/imap-uw [pkgsrc-2005Q3]: Makefile buildlink3.mk distinfo
Added Files:
	pkgsrc/mail/imap-uw/patches [pkgsrc-2005Q3]: patch-an

Log Message:
Pullup ticket 805 - requested by Lubomir Sedlacik
security fix for imap-uw

Revisions pulled up:
- pkgsrc/mail/imap-uw/Makefile		1.102
- pkgsrc/mail/imap-uw/buildlink3.mk	1.5
- pkgsrc/mail/imap-uw/distinfo		1.25
- pkgsrc/mail/imap-uw/patches/patch-an	1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Wed Oct  5 15:49:44 UTC 2005

   Modified Files:
           pkgsrc/mail/imap-uw: Makefile buildlink3.mk distinfo
   Added Files:
           pkgsrc/mail/imap-uw/patches: patch-an

   Log Message:
   Security fix for SA17062:

   "A vulnerability in UW-imapd can be exploited by malicious users to
    cause a DoS (Denial of Service) or compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the
    "mail_valid_net_parse_work()" function when copying the user supplied
    mailbox name to a stack buffer. This can be exploited to cause a
    stack-based buffer overflow via a specially crafted mailbox name that
    contains a single opening double-quote character, without the
    corresponding closing double-quote.

    Successful exploitation allows arbitrary code execution, but requires
    valid credentials on the IMAP server."

   http://secunia.com/advisories/17062/
   www.idefense.com/application/poi/display?id=313&type=vulnerabilities
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933

   Patch from 2004g.


To generate a diff of this commit:
cvs rdiff -r1.98.2.1 -r1.98.2.2 pkgsrc/mail/imap-uw/Makefile
cvs rdiff -r1.4 -r1.4.8.1 pkgsrc/mail/imap-uw/buildlink3.mk
cvs rdiff -r1.24 -r1.24.2.1 pkgsrc/mail/imap-uw/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/mail/imap-uw/patches/patch-an

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.