Bug#947043: cyrus-sasl2: CVE-2019-19906: Off by one in _sasl_add_string function

Salvatore Bonaccorso Thu, 19 Dec 2019 12:21:16 -0800

Source: cyrus-sasl2
Version: 2.1.27+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/cyrusimap/cyrus-sasl/issues/587
Control: found -1 2.1.27~101-g0780600+dfsg-3


Hi,

The following vulnerability was published for cyrus-sasl2.

CVE-2019-19906[0]:
Off by one in _sasl_add_string function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19906
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
[1] https://github.com/cyrusimap/cyrus-sasl/issues/587

Regards,
Salvatore

Bug#947043: cyrus-sasl2: CVE-2019-19906: Off by one in _sasl_add_string function

Reply via email to