Univention Bugzilla – Bug 54289
uw-imap: Multiple issues (4.4)
Last modified: 2022-01-05 17:58:59 CET
New Debian uw-imap 8:2007f~dfsg-5+deb9u1 fixes:

This update addresses the following issue:
* imap_open() allows running arbitrary shell commands via mailbox parameter (CVE-2018-19518)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/uw-imap_2007f~dfsg-5.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/uw-imap_2007f~dfsg-5+deb9u1.dsc @@ -1,3 +1,11 @@ +8:2007f~dfsg-5+deb9u1 [Wed, 29 Dec 2021 16:18:19 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP + mailboxes through running imapd over rsh, and therefore ssh (Closes: + #914632). Code using the library can enable it with tcp_parameters() + after making sure that the IMAP server name is sanitized. + 8:2007f~dfsg-5 [Wed, 23 Nov 2016 22:25:10 +0100] Magnus Holmgren <holmgren@debian.org>: * 1006_openssl1.1_autoverify.patch (new): Use new features for <http://piuparts.knut.univention.de/4.4-8/#5645120382199228795>
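Review bot: the added changelog entry for 2013_disable_rsh.patch says callers can re-enable rsh/ssh access "with tcp_parameters()" but names neither the parameter to set nor what counts as a sanitized IMAP server name, so a consumer of the library cannot tell from this text how to opt back in safely. Suggest the erratum text spell out both. It should also state that access through imapd over rsh/ssh is now off by default, since that is a behaviour change for any setup that relied on it. The diff shown here covers only the changelog lines of the source package, so the content of the patch itself cannot be checked from this comment.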
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1143>