Hi Moritz,
thanks for heads-up.
I am preparing the security updates for cyrus-imapd-2.2 right now.
Please note that for cyrus-imapd-2.4 this vulnerability was fixed in
upstream 2.4.7.
O.
On Tue, May 17, 2011 at 16:59, Moritz Muehlenhoff
wrote:
> Package: cyrus-imapd-2.2
> Severity: grave
> Ta
Package: cyrus-imapd-2.2
Severity: grave
Tags: security
Hi,
I was found out that Cyrus is also vulnerable to the STARTTLS plaintext
command injection vulnerability originally discovered in Postfix:
http://www.kb.cert.org/vuls/id/555316
http://www.postfix.org/CVE-2011-0411.html
Cyrus bug:
http://
2 matches
Mail list logo
