Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933
Jeff Sheltren
sheltren at cs.ucsb.edu
Wed Oct 12 11:03:20 UTC 2005
On Oct 12, 2005, at 6:16 AM, Ville Herva wrote:
> I don't know if anyone cares about RH73 and imap-2001a anymore, but
> I think
> this vulnerability applies to imap-2001a-10.1.legacy too:
>
> http://www.idefense.com/application/poi/display?
> id=313&type=vulnerabilities&flashstatus=false
> http://www.linuxsecurity.com/content/view/120575
>
> I took the source from
> http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/
> imap-2001a-10.1.legacy.src.rpm
>
> and modified the mail.c patch from
> http://www.idefense.com/application/poi/display?
> id=313&type=vulnerabilities&flashstatus=false
> to apply to 2001a.
>
> It was just a blind patch weeding job - I didn't actually verify that
> imap-2001a isn't invulnerable to this or vulnerable to something else.
>
> I case anyone is interested, here's the modified .spec and the patch.
>
> Just do
>
> rpm -i imap-2001a-10.1.legacy.src.rpm
> cp imap.spec.patched /usr/src/redhat/SPECS/imap.spec
> cp imap-2001a-CAN-2005-2933_fix.patch /usr/src/redhat/SOURCES/
> rpm -bb /usr/src/redhat/SPECS/imap.spec
>
Thanks for the patch. It'd be nice if you could search through
bugzilla to see if this has been reported or not there, and either
add to that bug, or create a new bug (and post your new SRPM).
Thanks,
Jeff
More information about the fedora-legacy-list
mailing list