Univention Bugzilla – Bug 49631
cyrus-imapd: Multiple issues (4.4)
Last modified: 2019-06-12 16:35:49 CEST
New Debian cyrus-imapd 2.5.10-3+deb9u1 fixes: This update addresses the following issue: * specialy crafted HTTP PUT operation in CalDAV feature of httpd in IMAP leading to arbitrary code execution (CVE-2019-11356)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/cyrus-imapd_2.5.10-3.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/cyrus-imapd_2.5.10-3+deb9u1.dsc @@ -1,3 +1,8 @@ +2.5.10-3+deb9u1 [Fri, 07 Jun 2019 07:22:52 +0200] Xavier Guimard <yadd@debian.org>: + + * Add patch to fix arbitrary code execution via CalDAV + (Closes: CVE-2019-11356) + 2.5.10-3 [Wed, 07 Dec 2016 11:23:20 +0100] Ondřej Surý <ondrej@debian.org>: * Rely on default tls_ciphers and tls_versions configurations <http://10.200.17.11/4.4-0/#2940016564960942820>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts unclean package removal [4.4-0] 684c75597d Bug #49631: cyrus-imapd 2.5.10-3+deb9u1 doc/errata/staging/cyrus-imapd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-0] 61b3cd14aa Bug #49631: cyrus-imapd 2.5.10-3+deb9u1 doc/errata/staging/cyrus-imapd.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.4/147.html>