Processed: Bug#627081: STARTTLS plaintext command injection

2011-05-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:
> fixed 627081 2.2.13p1-11
Bug #627081 [cyrus-imapd-2.2] STARTTLS plaintext command injection
Bug Marked as fixed in versions cyrus-imapd-2.2/2.2.13p1-11.
> found 627081 2.2.13-14+lenny3
Bug #627081 [cyrus-imapd-2.2] STARTTLS plaintext command injec

Bug#627081: STARTTLS plaintext command injection

2011-05-18 Thread Ondřej Surý
Hi Moritz,

thanks for heads-up. I am preparing the security updates for cyrus-imapd-2.2 right now. Please note that for cyrus-imapd-2.4 this vulnerability was fixed in upstream 2.4.7.

O.

On Tue, May 17, 2011 at 16:59, Moritz Muehlenhoff wrote:
> Package: cyrus-imapd-2.2
> Severity: grave
> Ta

Bug#627081: STARTTLS plaintext command injection

2011-05-17 Thread Moritz Muehlenhoff
Package: cyrus-imapd-2.2
Severity: grave
Tags: security

Hi,

I was found out that Cyrus is also vulnerable to the STARTTLS plaintext command injection vulnerability originally discovered in Postfix:
http://www.kb.cert.org/vuls/id/555316
http://www.postfix.org/CVE-2011-0411.html

Cyrus bug: http://